Tags: spring-boot, gradle, microservices, spring-security-oauth2, netflix-zuul

Saving a previous authentication in Spring


For authentication, the application (Service-X) uses a third-party internal service (Service-Y), in which all the information about the employees is stored. All internal services of the company use SSO.

How to implement the ability to log in to Service-X if Service-Y is unavailable? (If I have already been authenticated in Service-X before this).


Solution

  • The remember-me feature that comes with Spring Security might be what you're looking for.

    However, there are still quite a few limitations to this. If your cookies are wiped upon closing the browser, which is quite common in a lot of big companies, this won't work. Other than by the session cookie, you can't safely remember the user. You absolutely require Service-Y to be available to identify the user if his cookies have been cleared or have expired.

    The main selling point of OAuth2 is that you sign in using Service-Y without Service-X knowing your username/password (unless the username is transmitted through the scope). So while you could ask the user to provide a password the first time he signs in to Service-X using Service-Y, to be used in case Service-Y goes down, which would potentially patch your issue, I really do not recommend it because it somewhat defeats the purpose of OAuth2.

    Now, if you do take that suggestion despite me not recommending it, you should make sure that Service-X checks that Service-Y is down before allowing the user to sign in using the password he provided for Service-X.

    Best case scenario, if your browser cookies aren't cleaned, go for the remember-me feature. I suggest you read the following: http://www.baeldung.com/spring-security-oauth2-remember-me
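The following is an added example, not code from the answer above or from the linked article, showing how the two options in the answer fit together in a Spring Security 6 configuration: a persistent (database-backed) remember-me token so a user who already signed in through Service-Y stays identified for as long as the cookie survives, plus the not-recommended fallback as a separate `AuthenticationProvider` that refuses to accept the local password unless Service-Y is actually unreachable. `ServiceYHealthCheck`, `localUsers` (a `UserDetailsService` backed by Service-X's own user table, populated at first SSO login) and the bean names are assumptions made for this example; the table used by `JdbcTokenRepositoryImpl` is the standard `persistent_logins` schema from the Spring Security reference.

```java
import javax.sql.DataSource;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

/** Hypothetical probe of Service-Y (e.g. a cached hit on its health endpoint). Assumed, not part of the page. */
interface ServiceYHealthCheck {
    boolean isUp();
}

/**
 * Fallback provider for the "ask for a password the first time" option.
 * It deliberately returns null (abstains) while Service-Y is up, so the normal
 * SSO path stays the only way in; the local password is only honoured during an outage.
 */
class ServiceYOutageFallbackProvider implements AuthenticationProvider {
    private final ServiceYHealthCheck health;
    private final UserDetailsService localUsers;   // Service-X's own table: username, bcrypt hash, authorities
    private final PasswordEncoder encoder;

    ServiceYOutageFallbackProvider(ServiceYHealthCheck health, UserDetailsService localUsers, PasswordEncoder encoder) {
        this.health = health;
        this.localUsers = localUsers;
        this.encoder = encoder;
    }

    @Override
    public Authentication authenticate(Authentication auth) throws AuthenticationException {
        if (health.isUp()) {
            return null; // Service-Y reachable: do not accept the local password at all
        }
        UserDetails user = localUsers.loadUserByUsername(auth.getName());
        String presented = auth.getCredentials() == null ? "" : auth.getCredentials().toString();
        if (!encoder.matches(presented, user.getPassword())) {
            throw new BadCredentialsException("Bad credentials");
        }
        return UsernamePasswordAuthenticationToken.authenticated(user, null, user.getAuthorities());
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}

@Configuration
class ServiceXSecurityConfig {

    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** Remember-me tokens stored server-side so they survive restarts and can be revoked per user. */
    @Bean
    PersistentTokenRepository tokenRepository(DataSource dataSource) {
        JdbcTokenRepositoryImpl repo = new JdbcTokenRepositoryImpl();
        repo.setDataSource(dataSource);   // expects the persistent_logins table to exist
        return repo;
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http,
                                    PersistentTokenRepository tokens,
                                    UserDetailsService localUsers,
                                    ServiceYHealthCheck health,
                                    PasswordEncoder encoder) throws Exception {
        http
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            // Normal path: SSO against Service-Y (client registration configured elsewhere).
            .oauth2Login(Customizer.withDefaults())
            // Outage path: local username/password form, only accepted by the fallback provider.
            .formLogin(f -> f.loginPage("/fallback-login").permitAll())
            .authenticationProvider(new ServiceYOutageFallbackProvider(health, localUsers, encoder))
            // Remember-me: the cookie lets the user back in without Service-Y for 14 days,
            // but only if the browser keeps the cookie. alwaysRemember is needed because the
            // OAuth2 login has no "remember me" checkbox to read.
            .rememberMe(r -> r
                .tokenRepository(tokens)
                .userDetailsService(localUsers)
                .tokenValiditySeconds(14 * 24 * 60 * 60)
                .alwaysRemember(true)
                .key("service-x-remember-me"));   // replace with a secret loaded from configuration
        return http.build();
    }
}
```

Two caveats that follow from the answer: the remember-me cookie is the only thing standing in for the session, so it must be `HttpOnly`/`Secure` (Spring sets `HttpOnly` by default; serve over HTTPS so `Secure` is set) and its validity window should be as short as the outage tolerance allows; and the health check must fail closed, because a provider that wrongly decides Service-Y is down turns the fallback into a permanent second login path.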