How to migrate Spring MVC Pre-Authentication Scenario to OAuth2 JWT-based authentication

My company wants to migrate a Spring MVC + AngularJS application, deployed as a war under Tomcat, to a Spring Boot + Angular 12 + JWT secured application. The problem we are now facing (among many others) is migrating the security from session-based to sessionless JWT-based. In particular, we cannot find a way to migrate the Pre-Authentication Scenario that is present in the application to a JWT token scenario, maintaining the possibility to log in with a header-based authentication made by an external IDP (Siteminder) over which we have no control. All we have is a call that is now made to our “login url”, passing some headers (injected by the external IDP) that are used to populate the Principal and start the session. After that, no other interactions with the external IDP are made.

How can that flow be mapped to an OAuth2 JWT token-based authentication with Keycloak?