Hi all,
I've a legacy solution that uses its own users (included the password) and roles database, so due to the migration to Keycloack I've written a User Federation Provider. Optionally some users may use their Active Directory credentials to log in on the realm and my User Federation Provider is able to manage both cases. So I don't use the official LDAP User Federation Provider provided by Keycloack. I'd like to offer to users mapped on LDAP the Kerberos authentication. Is it possible to create a similar login pipeline:
1) The User Kerberos token is valid, so Keycloack grabs it and then calls my User Federation Provider passing it the username that comes from Kerberos;
2) OR, the User Kerberos token is NOT valid, so Keycloack shows the login page to the user and then passes the credentials to my User Federation Provider.
Thank you in advance,

--Vito