Only show social login providers, not username/password

How do I remove the Username/Password from from the browser login authentication flow?

I’ve tried copying the browser flow and removing the form execution or making it ‘alternative’ but this just results in the page returning ‘We are sorry… Invalid username or password.’

2 Likes

Hi CBVista

I think you could edit the freemarker theme to remove the username password input.

I was really hoping not to need to do that… In a more perfect world the first login page would only show the social login providers with a link/button to take you to a manual login form (for admins)… guess I’ll need to customize the template for this too.

I think just doing the template would help the UI, but people could still POST their forms to endpoints and I bet it’d still work. You’d have to turn off realm registration completely, and just not set any credentials for any user, forcing them to go through IDP to login.

I’d recommend to just update the .ftl
So create your own theme and juggle the divs. We for instance overlaid a div with two buttons, like Employee login (SAML federated) and guest login (username /password).
That was what we needed.
In your case you could hide the username/pf div and resize the social login one. Just make sure you don’t block your admin for login.

I am encountering the same problem : Same objective (social login only), same attempt in copying the Authentication/browser flow + disabling the browser form ==> Same error in return : “We are sorry …”.
Hiding from the html template seems definitely not an acceptable solution to me.

So would be interested also if anyone solved this issue

(using KC 8.0.0)

18:40:42,657 WARN [org.keycloak.events] (default task-73) type=LOGIN_ERROR, realmId=myrealm, clientId=myclientid, userId=null, ipAddress=6.7.8.9, error=**invalid_user_credentials**, auth_method=openid-connect, auth_type=code, response_type=code, redirect_uri=https://xxxxxx/oauth, code_id=xxxxxxx-5402-4063-aaaa-9dc3f8620d78, response_mode=query, authSessionParentId=xxxxxx-5402-4063-aaaa-9dc3f8620d78, authSessionTabId=rrrrrrrr