diff --git a/hooks/keystone_context.py b/hooks/keystone_context.py
index 87f737f0..a98cfc8a 100644
--- a/hooks/keystone_context.py
+++ b/hooks/keystone_context.py
@@ -343,3 +343,26 @@ class WebSSOTrustedDashboardContext(context.OSContextGenerator):
 ctxt = ({'trusted_dashboards': trusted_dashboards}
 if trusted_dashboards else {})
 return ctxt
+
+
+class AuthMethods(context.OSContextGenerator):
+
+ auth_methods = ["external", "password", "token", "oauth1",
+ "openid", "totp", "application_credential"]
+
+ def __call__(self):
+
+ _external = "external"
+ _protocol_name = ""
+ for rid in relation_ids("keystone-fid-service-provider"):
+ for unit in related_units(rid):
+ rdata = relation_get(unit=unit, rid=rid)
+ _protocol_name = rdata.get('protocol-name').strip('"')
+ if _protocol_name and _protocol_name not in self.auth_methods:
+ self.auth_methods.append(_protocol_name)
+ # We are federated so remove the external method
+ if _external in self.auth_methods:
+ self.auth_methods.remove(_external)
+
+ ctxt = {"auth_methods": ",".join(self.auth_methods)}
+ return ctxt
diff --git a/hooks/keystone_utils.py b/hooks/keystone_utils.py
index 24c5eb78..5f75a5a4 100644
--- a/hooks/keystone_utils.py
+++ b/hooks/keystone_utils.py
@@ -239,7 +239,8 @@ BASE_RESOURCE_MAP = OrderedDict([
 interface=['keystone-middleware'],
 service='keystone',
 config_file=KEYSTONE_CONF),
- keystone_context.MiddlewareContext()]
+ keystone_context.MiddlewareContext(),
+ keystone_context.AuthMethods()]
 }),
 (KEYSTONE_LOGGER_CONF, {
 'contexts': [keystone_context.KeystoneLoggingContext()],
diff --git a/templates/ocata/keystone.conf b/templates/ocata/keystone.conf
index 327b9f4d..54e3e760 100644
--- a/templates/ocata/keystone.conf
+++ b/templates/ocata/keystone.conf
@@ -128,4 +128,4 @@ admin_project_name = admin
 {% include "section-oslo-middleware" %}
 # This goes in the section above, selectively
 # Bug #1819134
-max_request_body_size = 114688
\ No newline at end of file
+max_request_body_size = 114688
diff --git a/templates/queens/keystone.conf b/templates/queens/keystone.conf index 8683b279..fc24e648 100644 --- a/templates/queens/keystone.conf +++ b/templates/queens/keystone.conf @@ -73,7 +73,7 @@ driver = {{ assignment_backend }} {% include "parts/section-middleware" %} {% else %} [auth] -methods = external,password,token,oauth1,mapped,openid,totp,application_credential +methods = {{ auth_methods }} password = keystone.auth.plugins.password.Password token = keystone.auth.plugins.token.Token oauth1 = keystone.auth.plugins.oauth1.OAuth diff --git a/templates/rocky/keystone.conf b/templates/rocky/keystone.conf index 2943a980..4b8ce500 100644 --- a/templates/rocky/keystone.conf +++ b/templates/rocky/keystone.conf @@ -58,7 +58,7 @@ driver = sql driver = {{ assignment_backend }} [auth] -methods = external,password,token,oauth1,mapped,openid,totp,application_credential +methods = {{ auth_methods }} [paste_deploy] config_file = {{ paste_config_file }}
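Review bot: The rendered `methods` line in templates/queens/keystone.conf no longer enables `mapped`, which the removed line listed unconditionally; the default list in `AuthMethods` omits it, so it now appears only if a related unit advertises it as `protocol-name`. The rocky template hunk has the same effect. Narrowing the enabled methods is reasonable, but it is a behaviour change on upgrade for any deployment that relied on `mapped` without the `keystone-fid-service-provider` relation, so it deserves a release note. A template comment above the line, such as `# methods is rendered by AuthMethods: defaults plus federation protocol names from related units`, would help operators who audit which auth methods are enabled.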