Hi,

we have quite many providers (such as authenticator, mapper and realm-restapi-extension) implemented for several customers.
For each customer, there should be a different set of custom providers available.

We figured out that providers can be disabled by means of build option spi-<spi-id>-<provider-id>_enabled=false, or by using the env var KC_SPI_<SPI_ID>-<PROVIDER_ID>_ENABLE=false with autobuild.
I see the following options how we can support disabling of providers in Keycloak.X:

1. use autobuild: disadvantage of slower startup (augmentation will take about 20 seconds with all our provider jars)
2. build separate pre-built images for our customers: disadvantage of having to build and maintain many different images
3. inject custom code at startup which disables all providers which are not enabled according to the runtime config (env var KC_SPI_<SPI_ID>-<PROVIDER_ID>_ENABLE=false ) - this code only takes about 0.5 seconds

Due to the disadvantages, we don't want to implement Option 1 or 2.
So I tried out Option 3, but was not yet successful with it. My idea was to implement a decorator bean for QuarkusKeycloakApplication (using @Alternative and @Priority annotations), and overwrite the startup method to run the custom initialization before the original startup. The initialization code seemed to work fine, but when requesting any authorized endpoint, I got an exception due to a missing session:

2022-03-23 09:53:33,769 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-4) Uncaught server error: java.lang.NullPointerException
        at org.keycloak.protocol.AuthorizationEndpointBase.createAuthenticationSession(AuthorizationEndpointBase.java:209)
        at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.process(AuthorizationEndpoint.java:178)
        at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildGet(AuthorizationEndpoint.java:112)
...

Futhermore, this approach has the disadvantage that the init method of each ProviderFactory is already called before, which is not what we want for disabled providers. (This is done in KeycloakRecorder#configSessionFactory).
Does someone know a way to somehow overwrite this recorder method? I'm a quarkus beginner and don't currently know whether that's possible.

Or someone has an other, maybe simpler idea?