Hello,

We are using Keycloak as an Identity Broker solution in front of our web application.

We have two options for an end-user:
  1. User wants to authenticate against a SAML IDP configured in Keycloak as an Identity Provider
  2. User wants to authenticate against the Keycloak username/password present in the Keycloak realm

Is it possible to set the Identity Provider to authenticate by default, but if the user is not able to reach the configured Single Sign-On Service URL (because the IDP is not available outside the customer network), a fallback is given to the manual login page?

Or how can you end up at the manual (Keycloak) username/password login screen when the Identity Provider has been set to authenticate by default?

I tried to find this in the manuals but I was not able to find this.

Best regards,

Maurice Quaedackers.