Substitute IdentityServer3 login system

Posted 2019-03-02 07:49

Question:

Following @leastprivilege's answer in my previous question, I concluded that neither are possible solutions:

  • The login service doesn't support REST authentication (thus, can't use IUserService.AuthenticateLocalAsync and just connect to it)
  • I don't need it to be an additional provider, I need it to substitute the IS3 one, i.e., instead of showing the local login + additional providers, I need the /login page to be the one from a different service.

Can this be customized or do I need to change the IdentityServer3 source? If so, what do I need to guarantee implementation-wise in order to achieve the authentication and not break the authorization?

UPDATE

Following this answer the solution might be creating a new provider and setting the automatic redirect somewhere using acr_values

Answer 1:

Solved it after some research. You'll need these three steps:

  • An OWIN authentication middleware that redirects to the page you want, providing the protected state (this will let you finish the authentication process later). You can follow Anders Abel's tutorial
  • Custom user service that overrides the PreAuthentication method and sets the SignInMessage message.Idp with your middleware id. Code sample: check it here
  • After the successful authentication, your page should redirect to the middleware callback with the state parameter. With the mentioned dummy middleware, it's set as /signing-dummy
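
The user-service step from the answer above, as an added example that is not part of the original post or the code sample it links to. It assumes the IdentityServer3 v2 context-based `UserServiceBase` signatures (the answer's `message.Idp` wording suggests the older signature that received the `SignInMessage` directly); the class name and the provider name `dummy` are hypothetical and must match your middleware's authentication type.

```csharp
using System.Linq;
using System.Threading.Tasks;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services.Default;

// Hypothetical user service that replaces the built-in login page with an
// external one reached through an OWIN authentication middleware.
public class ExternalLoginOnlyUserService : UserServiceBase
{
    // Assumed name: must equal the AuthenticationType of the middleware.
    private const string ExternalProvider = "dummy";

    // Called before the login page is rendered. Forcing IdP makes
    // IdentityServer3 challenge that provider instead of showing local login.
    public override Task PreAuthenticateAsync(PreAuthenticationContext context)
    {
        context.SignInMessage.IdP = ExternalProvider;
        return Task.FromResult(0);
    }

    // Called after the middleware callback has validated the protected state
    // and signed the external identity in.
    public override Task AuthenticateExternalAsync(ExternalAuthenticationContext context)
    {
        var external = context.ExternalIdentity;

        // Accept identities from the substituted login service only, so no
        // other registered provider can produce a session through this path.
        // Assumes the middleware issues its claims under the same name.
        if (external == null || external.Provider != ExternalProvider)
        {
            context.AuthenticateResult = new AuthenticateResult("Unexpected identity provider");
            return Task.FromResult(0);
        }

        // ProviderId is the user's id at the external service; it becomes the
        // subject that the authorization and token endpoints work with.
        var nameClaim = external.Claims.FirstOrDefault(c => c.Type == "name");
        var displayName = nameClaim != null ? nameClaim.Value : external.ProviderId;

        context.AuthenticateResult = new AuthenticateResult(
            external.ProviderId, displayName, identityProvider: external.Provider);
        return Task.FromResult(0);
    }
}
```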