HA Hosts for setting up credential provider

i can find a lot of information about HA regarding to MYSQL setup. Thats clear to me. But how does HA work for the credential provider(if the defined host is offline)? I could not find docu about adding two servers. Or do i need to make a HA Proxy in between? Or some HA failover with floating IP? Or is there any mechanism allready there in PI?

thank you

Yes, that is the way.

ok. it should be possible to add a second host to the crdential provider so he could choose the second one after a timeout as a failover. would be a lot simpler setup then having a ha loadbalancer or scripting around with hartbeat.

another question is the offline feature? how does it exactly work? when a windows server has internet but no connection to the PI does it also work? how to activate this feature? i was reading that with duo it is possible to set it that way that when the server cannot be reached 2fa is bypassed…

For you.

offline is ment for laptops, that are moved outside of the network.
You windows servers and the privacyidea server run on the same network and are basically available.

If you fully want to understand offline you will have to read the docs, the github wiki and offline issues.