Suppose we use some 3'd party SAML identity provider and keycloak as the identity broker. Can keycloak be used for a fallback scenario when the 3'd party is down? E.g. to be able to authenticate a user via keycloak-stored credentials? Does keycloak support user entering a password for this locally 'cached' account?