given: an internet service with lots of subdomains. Each subdomain is a keycloak client. All subdomains talk to the same java web server.

the challenge: how I could design the system such, that server side could authenticate users without configuring client secrets for each of the subdomain?