LDAP User federation with Username Form and Password Form Authenticator

LDAP User federation works fine if the Username and Password authenticator is used. It prompts the user to enter username and password on a single screen and the authentication succeeds.

In my use case, I am creating a new authenticator execution in Keycloak: Username Form and Password Form. I want the user to enter the username and hit enter, then on the next screen the user should be prompted for the password. I synced the users to the Keycloak DB, and now while using this authenticator I get the user login screen, and on entering the username it throws an error saying: “Cannot login, credential setup required”. Do we not have support for using Username Form and Password Form with LDAP, or am I missing any configuration to make this work?

I am having this same issue. Were you able to find a solution?

Noticed the same on my 12.0.4 Docker installation. I want to use the flow as suggested in the manual here, Server Administration Guide (second picture in the chapter), to be able to log in with either password + OTP or passwordless WebAuthn.

I have part of my users imported from LDAP, and part of them just in Keycloak. Those that are imported from LDAP can’t use the password form, and I get the error “Invalid username or password” when the Password form is reached in the login flow.

On the other hand, users that reside locally in Keycloak, without a federation link, can log in with no problem.

Nothing yet. Still looking out for answers.

Yes, this issue is specific to the LDAP federation case only, I think. With local Keycloak user storage it works fine.