I have Keycloak 6.0.1 set up with CILogon Identity Provider and the only flow I’m able to
get working is “browser”. The goal is that when someone logs into CILogon and is
redirected back to Keycloak they would have to somehow map their CILogon identity to their
read-only LDAP identity in Keycloak. We do not allow creation of users in Keycloak, all
users come from LDAP and the LDAP config is set to read-only. I’ve managed to get this
working by using the “browser” first login flow. I’ve tried modifying the first broker
login flow but that has not worked. I’m curious if anyone else has set up Keycloak with
CILogon and, if so, how they handled mapping the CILogon identities to Keycloak users.
Thanks,
- Trey