Hi Filipe, I have a similar use case where Username Form is a fallback option, and I am able to skip the login page by setting the user and returning the success flow status. The custom authenticator sets the user upon success and updates the flow context status, i.e.: ... context.setUser(user); context.success(); return; ... Attached is the custom browser authentication flow screenshot. Hope it helps Regards, Peter ________________________________________ From: keycloak-user-bounces(a)lists.jboss.org [keycloak-user-bounces(a)lists.jboss.org] on behalf of Filipe Lautert [filipelautert(a)gmail.com] Sent: Wednesday, August 10, 2016 4:02 PM To: keycloak-user(a)lists.jboss.org Subject: [keycloak-user] Username Password Form as Alternative Hello I would like to have the "Username Password Form" auth type as a fallback option - I've setup my personalized auth methods, but if they don't succeed I wan't the user to be shown the login form. The issue that I face is that even when I authenticate the user successfully (in my Authenticator code with context.setUser(myUser); context.success(); ) the login form is still shown to the user, even if it's inside a auth type "Browser Forms" set up as alternative. I worked around it creating a class called AlternativeUsernamePasswordFormFactory that extends UsernamePasswordFormFactory, and the only change that I did to it was to add the AuthenticationExecutionModel.Requirement.ALTERNATIVE to the REQUIREMENT_CHOICES . Now, if I set this new auth type as alternative in Keycloak, it does what I want. So my questions are: am I missing something to mark my Authenticator as sufficient to end the flow and return to the client? if not, is there a reason why UsernamePasswordFormFactory doesn't provide the ALTERNATIVE option, and can I suggest a patch to add it to this class? Cheers filipe -- filipe lautert