We have a requirement to pin a
keycloak client to a specific group of
login options i.e. they can only login via
a social provider and not a local
username/password, BUT we also
wish to allow certain users the ability
to override the behavior.
-----------
Hi Rohith,
I think you could solve this problem putting an alternative authenticator
provider between the "Identity Provider Redirector" and the "User and
password form" authenticator in browser flow.
In your provider you can implement all of the rules to check if you must or
not accept login with local user/password.
If the user bypass social login you can catch it in your provider and force
a fail If itsn't allowed.
I've done something like that using a provider that only requires OTP in
some applications.
Regards
Alexis