<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><div>Hello,</div><div><br></div><div>We are using keycloak as an Identity Broker solution in front of our web application.</div><div><br></div><div>We have two options for an end-user:</div><ol><li>User want to authenticate against a SAML IDP configured in Keycloak as an Identity Provider</li><li>User want to authenticate against keycloak username/password present in keycloak realm</li></ol><div>Is it possible to set the Identity Provider to authenticate by default but if the user is not able to reach the configured Single Sign-On Service URL (because IDP is not available outside customer network) a fallback is given to the manual login page?</div><div><br></div><div>Or how can you end up at the manual (keycloak) username/password login screen when the Identity Provider has been set to authenticate by default.</div><div><br></div><div>I tried to find this in the manuals but I was not able to find this.</div><div><br></div><div>Best regards,</div><div><br></div><div>Maurice Quaedackers.</div><div><br></div><div><br></div></body></html>