...
- it doesn't save any work, still need to cache the credentials in crowd
- adds a little bit of complexity in that we have to check the expires time on the cache to see whether we need to get new creds for the user
- still need to handle same federated user, two stacks
- this will likely exacerbate the propagation delay issue, because instead of hitting it once for all time, they could hit it once per day
Questions:
- assuming the propagation delay issue remains
- looks like the name length restriction may be too short for an email address