I just copy and paste here what Eloy said in the chat...

I was guessing how interesting would be to allow auth plugins to have support for having other auth plugins as potential fallbacks. So, for example, you can define that your cas auth supports ldap as fallback.

And, at the same time, every auth plugin could decide if can be used as primary auth or only as fallback... many possibilities, really.

And then, when authenticate_user_login(), all those fallbacks are followed and tried.

Much like it happens in that function when the user is new (all enabled plugins are tried), but for already existing users.

I really think that would open a bunch of current not-working use cases to work easily.

All that in the context of MDL-44541 where I've been chatting with Jun Leyva about different ways to achieve it. He's creating an issue about that. Feel free to put it here for public disclosure, Juan, TIA!