Hi all, I've a legacy solution that uses its own users (included the password) and roles database, so due to the migration to Keycloack I've written a User Federation Provider. Optionally some users may use their Active Directory credentials to log in on the realm and my User Federation Provider is able to manage both cases. So I don't use the official LDAP User Federation Provider provided by Keycloack. I'd like to offer to users mapped on LDAP the Kerberos authentication. Is it possible to create a similar login pipeline: 1) The User Kerberos token is valid, so Keycloack grabs it and then calls my User Federation Provider passing it the username that comes from Kerberos; 2) OR, the User Kerberos token is NOT valid, so Keycloack shows the login page to the user and then passes the credentials to my User Federation Provider. Thank you in advance, --Vito _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev