How to set Subject/Principal if Keycloak servlet adapter implemented as custom authentication provider?

It looks like the servlet adapter wraps incoming requests with subject/principal information before sending it down the chain where application code will see it.

If the servlet adapter is implemented as part of a “custom authentication provider”, what additional steps need to happen to make sure the container associates the request a specific user?

In my case, I’m using WebLogic but I can’t figure out what to partner with the servlet adapter to bridge the gap between the Keycloak adapter doing the authentication and then setting the principals/subject in the right place so the application code sees them for that request (LoginModule, IdentityProvider, something else?).

Right now, the Keycloak adapter authenticates (I see the username in the Keycloak wrapper using a breakpoint), but then the container redirects the request to the login.jsp anyway because it doesn’t seem to know the authentication was successful once the authentication process completes.