IdentityProviderService#identityProviders is not updated in all nodes when a provider is added, removed or modified in one node. The identityProvider-<provider>.json is created on all nodes but this does not update the identityProviders list. Even if the config is then edited on an affected node the identityProviders list is still not updated.
As Elizabeth Browne found:
- Setup IDM to run in a cluster with nodes A and B
- On node A enable social auth for Facebook (actual provider is unimportant)
- On node B enable social auth for Google (again, unimportant)
- Bring up the end-user login screens for both nodes. Note that on A only Facebook is shown and on B only Google is shown (admin can see both on both nodes)
Going a little further:
- Modify any part of the provider config for Google on A
- Refresh end-user login screen on node A, note that it still does not show the Google button
The configs are appearing on both nodes and the admin views are all up to date. But the end-user login view is dependent on the identityProviders list being up to date and it is not.