diff --git a/README.md b/README.md
index a25bead..4b806da 100644
--- a/README.md
+++ b/README.md
@@ -69,18 +69,18 @@ ansible-playbook -i -e @rhn-creds.yml playbooks/keycloak.yml -e
 ### Config Playbook
-`playbooks/keycloak-realm.yml` creates provided realm, client(s), client role(s) and client user(s) if they don't exist.
+`playbooks/keycloak-realm.yml` creates provided realm, user federation(s), client(s), client role(s) and client user(s) if they don't exist.
 ### Config role
-* [`keycloak_realm`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_realm/README.md): role for configuring a realm, with clients and users, in an installed service.
+* [`keycloak_realm`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_realm/README.md): role for configuring a realm, user federation(s), clients and users, in an installed service.
 ### Example configuration command
 Execute the following command from the source root directory
 ```
-ansible-playbook -i -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password= -e keycloak_realm=test
+ansible-playbook -i playbooks/keycloak-realm.yml -e keycloak_admin_password= -e keycloak_realm=test
 ```
 - `keycloak_admin_password` password for the administration console user account.
diff --git a/playbooks/keycloak-realm.yml b/playbooks/keycloak-realm.yml
index ec8de4a..e62f6f3 100644
--- a/playbooks/keycloak-realm.yml
+++ b/playbooks/keycloak-realm.yml
@@ -8,6 +8,46 @@
 vars:
 keycloak_admin_password: "changeme"
 keycloak_realm: TestRealm
+ keycloak_user_federation:
+ - realm: TestRealm
+ name: my-ldap
+ provider_id: ldap
+ provider_type: org.keycloak.storage.UserStorageProvider
+ config:
+ priority: '0'
+ enabled: true
+ cachePolicy: DEFAULT
+ batchSizeForSync: '1000'
+ editMode: READ_ONLY
+ importEnabled: true
+ syncRegistrations: false
+ vendor: other
+ usernameLDAPAttribute: uid
+ rdnLDAPAttribute: uid
+ uuidLDAPAttribute: entryUUID
+ userObjectClasses: inetOrgPerson, organizationalPerson
+ connectionUrl: ldaps://ldap.example.com:636
+ usersDn: ou=Users,dc=example,dc=com
+ authType: simple
+ bindDn: cn=directory reader
+ bindCredential: password
+ searchScope: '1'
+ validatePasswordPolicy: false
+ trustEmail: false
+ useTruststoreSpi: ldapsOnly
+ connectionPooling: true
+ pagination: true
+ allowKerberosAuthentication: false
+ debug: false
+ useKerberosForPasswordAuthentication: false
+ mappers:
+ - name: "full name"
+ providerId: "full-name-ldap-mapper"
+ providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
+ config:
+ ldap.full.name.attribute: cn
+ read.only: true
+ write.only: false
 keycloak_clients:
 - name: TestClient1
 roles:
diff --git a/roles/keycloak_realm/README.md b/roles/keycloak_realm/README.md
index d39b2a3..cf1c317 100644
--- a/roles/keycloak_realm/README.md
+++ b/roles/keycloak_realm/README.md
@@ -14,6 +14,8 @@ Role Defaults
 |`keycloak_http_port` | HTTP port | `8080` |
 |`keycloak_https_port` | TLS HTTP port | `8443` |
 |`keycloak_auth_realm` | Name of the main authentication realm | `master` |
+|`keycloak_rhsso_enable` | Define service is an upstream(Keycloak) or RHSSO | `master` |
+
 Role Variables
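Review bot: The sample federation entry hardcodes `realm: TestRealm` and `bindCredential: password` even though the same `vars:` block defines `keycloak_realm: TestRealm` two lines above it, and the README hunk in this commit documents running this playbook with `-e keycloak_realm=test`, which would then leave the federation pointed at the wrong realm. Use `realm: "{{ keycloak_realm }}"` so the example follows the overridden realm, and take the bind password from a variable (for example `bindCredential: "{{ keycloak_ldap_bind_password }}"`, supplied via vault or `-e`) instead of a literal in a committed playbook. The `config` map also mixes quoted numerics (`priority: '0'`, `searchScope: '1'`) with bare booleans (`enabled: true`); since it is forwarded verbatim to the module as `config: "{{ item.config }}"`, a comment stating which representation the module expects would help the next person copying this block.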
@@ -35,10 +37,29 @@ The following variables are available for creating clients:
 |`keycloak_client_default_roles` | List of default role name for clients | `[]` |
 |`keycloak_client_users` | List of user/role mappings for a client | `[]` |
+The following variable are available for creating user federation:
+
+| Variable | Description | Default |
+|:---------|:------------|:---------|
+|`keycloak_user_federation` | List of _keycloak_user_federation_ for the realm | `[]` |
+
 Variable formats
 ----------------
+* `keycloak_user_federation`, a list of:
+
+```yaml
+ - realm:
+ name:
+ provider_id:
+ provider_type: < Provider Type, default is set to org.keycloak.storage.UserStorageProvider>
+ config:
+ mappers:
+```
+
+Refer to [docs](https://docs.ansible.com/ansible/latest/collections/community/general/keycloak_user_federation_module.html) for information on supported variables.
+
 * `keycloak_clients`, a list of:
 ```yaml
@@ -71,7 +92,6 @@ Variable formats
 For a comprehensive example, refer to the [playbook](playbooks/keycloak.yml).
-
 Example Playbook
 ----------------
diff --git a/roles/keycloak_realm/defaults/main.yml b/roles/keycloak_realm/defaults/main.yml
index dfc7a49..a7897cc 100644
--- a/roles/keycloak_realm/defaults/main.yml
+++ b/roles/keycloak_realm/defaults/main.yml
@@ -9,6 +9,9 @@ keycloak_admin_user: admin
 keycloak_auth_realm: master
 keycloak_auth_client: admin-cli
+### List of Keycloak User Federation
+keycloak_user_federation: []
+
 ### Keycloak realm client defaults
 # list of clients to create in the realm
 #
diff --git a/roles/keycloak_realm/tasks/main.yml b/roles/keycloak_realm/tasks/main.yml
index c51ecff..9945fec 100644
--- a/roles/keycloak_realm/tasks/main.yml
+++ b/roles/keycloak_realm/tasks/main.yml
@@ -34,6 +34,24 @@
 status_code: 201
 when: keycloak_realm_exists.status == 404
+- name: Create user federation
+ community.general.keycloak_user_federation:
+ auth_keycloak_url: "{{ keycloak_url }}/auth"
+ auth_realm: "{{ keycloak_auth_realm }}"
+ auth_username: "{{ keycloak_admin_user }}"
+ auth_password: "{{ keycloak_admin_password }}"
+ realm: "{{ item.realm }}"
+ name: "{{ item.name }}"
+ state: present
+ provider_id: "{{ item.provider_id }}"
+ provider_type: "{{ item.provider_type | default(org.keycloak.storage.UserStorageProvider) }}"
+ config: "{{ item.config }}"
+ mappers: "{{ item.mappers | default(omit) }}"
+ register: create_user_federation_result
+ loop: "{{ keycloak_user_federation | flatten }}"
+ when: keycloak_user_federation is defined
+
+
 - name: Create Client
 community.general.keycloak_client:
 auth_client_id: "{{ keycloak_auth_client }}"
diff --git a/roles/keycloak_realm/vars/main.yml b/roles/keycloak_realm/vars/main.yml
index 2f5a56f..1fe044e 100644
--- a/roles/keycloak_realm/vars/main.yml
+++ b/roles/keycloak_realm/vars/main.yml
@@ -13,4 +13,4 @@ keycloak_clients:
 # other settings
 keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
 keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
-keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined else False }}"
\ No newline at end of file
+keycloak_rhsso_enable: False
\ No newline at end of file
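Review bot: The fallback in `provider_type: "{{ item.provider_type | default(org.keycloak.storage.UserStorageProvider) }}"` is not a string: Jinja reads `org.keycloak.storage.UserStorageProvider` as an attribute chain on an undefined variable `org`, so an item that omits `provider_type` does not get the default the README hunk in this commit promises; quote it as `provider_type: "{{ item.provider_type | default('org.keycloak.storage.UserStorageProvider') }}"`. The task loops over items whose `config` carries the LDAP bind secret (`bindCredential` in the sample playbook) and Ansible prints the whole loop item as the `(item=...)` label of each iteration, so the credential ends up in play output and logs; add `no_log: true` to this task, or at minimum `loop_control: label: "{{ item.name }}"`. With `keycloak_user_federation: []` now set in defaults/main.yml the guard `when: keycloak_user_federation is defined` is always true and can be dropped, and unlike the neighbouring `Create Client` task this one does not pass `auth_client_id: "{{ keycloak_auth_client }}"`, which looks like an oversight. The two blank lines added before `Create Client` should be one.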
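Review bot: Replacing the expression with the literal `keycloak_rhsso_enable: False` in vars/main.yml freezes the switch at role-vars precedence, which inventory, play and role-default variables cannot override, so RHSSO handling can only be turned on with `-e` or `set_fact`, whereas the removed line at least followed `rhsso_rhn_id`. If this is meant to be user-settable, it belongs in defaults/main.yml as `keycloak_rhsso_enable: false`, which is also where the README hunk in this commit lists it, although that table gives its default as `master`, matching neither the old nor the new value. Use the lowercase `false` rather than `False` to keep the file yamllint-clean, and add the trailing newline that git flags on both sides of this hunk.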