Authorization decision by http header

we have the following use case:
We have an application which we want to secure with kong and keycloak. At this moment we are using an other idm. This application is able to handle multitenancy through a http header custom-header: client1 e.g…
So with kong we are able to create different routes based on http header and so we can have different plugin settings for different routes/http header.
A user would create an api key with the idm and then request the application with the api key. The Kong plugin is extracting the http header, api key and the uri (e.g. /some/url/ and sending this to the idm.
In the idm there are rules which specify which user can access which url and which custom-header. The Kong Plugin request to the idm looks like this: https://idm/access?token=asdf&uri=/some/url&header=client1 The idm response with permit or refused.

Are we able to have this behavior with keycloak and how are we able to do this? Looking around I was not able to find out if it is possible. I found e.g. this post which is not answered.