Bare minimum settings to get RHPAM (Business Automation) to integrate with RHSSO/keycloak?

What are the bare minimum settings needed to get RHPAM (Red Hat Business Automation), when installed as an Operator inside an OpenShift cluster, to be able to integrate with RHSSO (Red Hat Single Sign-On, based on open source Keycloak, installed as an instantiated template from the Catalog)?

Is there a good YouTube video or specific documentation, kb articles, or whatever on how to get a barebone proof of concept working whereby I can log into RHPAM with RHSSO?

I have been able to deploy RHSSO (persistent with PostgreSQL db) and RHPAM Business Automation 7.12.1-2 in the same project and namespace on the same OpenShift 4.9.x cluster…

In RHSSO I have set up the realm, created the client, etc.
And on the RHPAM side, after the Operator deploys, I use the console-cr-form, the form-based version of the installer wizard, to deploy RHPAM in authoring instance/mode with RHSSO as the authentication mode and create/set the client ID, client secret, etc.

Then when I click on the URL link in the exposed routes section of the networking menu in OCP, I see the URL for RHPAM, click on it and can confirm that it redirects to the RHSSO page for me to log in. I have already created a user with a username/password account in RHSSO and I authenticate against that user, but when it should get to the final landing page and log me into RHPAM as that user, it instead gives me the error message:

Yet when I check the RHSSO side I can see that a session was connected, including my IP address, the username/account used, etc.

So the connection portion of this is working, yet it won’t finally allow me to actually log into RHPAM even though by all appearances it was able to pass those credentials over…

Is there a good YouTube video or specific documentation, kb articles, or whatever on how to get a barebone proof of concept working whereby I can log into RHPAM with RHSSO?

Example YAML for the RHPAM installer is below:

apiVersion: app.kiegroup.org/v2
kind: KieApp
metadata:
  name: rhpam
spec:
  environment: rhpam-authoring
  commonConfig:
    disableSsl: true
    adminUser: admin
    adminPassword: admin
    startupStrategy:
      strategyName: OpenShiftStartupStrategy
  auth:
    sso:
      url: 'example
      realm: realmz
      adminuser: admin
      adminPassword: admin
      disableSSLCertValidation: true
  objects:
    console:
      ssoClient:
        name: clientname
        secret: clientsecret
        hostnameHTTP: 'http:/example
        hostnameHTTPS: 'example
    servers:
      - id: kie
        name: kie
        ssoClient:
          name: clientname
          secret: clientsecret
          hostnameHTTP: 'example
          hostnameHTTPS: 'example

It seems like the error message did not make it into your question.

Login failed: Not Authorized