Add Cookbook entry for authentication with Keycloak/Red Hat SSO

[russsaidwords]

I'd love to adopt Feathers for some new projects coming up, and all other pieces seem easily laid out and clear. I am unclear on how to implement a generic authentication mechanism for Keycloak. A lot of what surrounds authentication is difficult or not overly clear to me.

If I have my terms right... I would like to use Keycloak as my IdP. I would like the Feathers projects to become Relying Parties, and I would want to reverse proxy to Feathers projects just as I would reverse proxy to Keycloak. My goal is to set up SSO between all APIs and applications given one login from the user through Keycloak.

Here's an image of what I would like the architecture to look like:

I guess my questions are two-fold: anyone have any experience setting something like this up and if so - does this diagram make sense for my stated goals? And two: can authentication through Keycloak be made more clear with a Cookbook entry or can I follow one already made (another Oauth example) and swap out for Keycloak related data? Thanks for reading this far.

[daffl]

There is a blog post by @claustres at https://blog.feathersjs.com/oauth-made-easier-with-feathers-v4-v5-openid-connect-and-keycloak-1c0f575cbbec on how to use Keycloak with oAuth, maybe that helps to get things started?