Relates to question: Keycloak as an Authorization Service
Summary question: is it possible to use Keycloak as a general purpose authorization service without any prerequisite on how users are authenticated?
Context:
Assuming a resource server that integrates to an existing constellation of services/resource server for which an authentication service/provider already exist and provide SSO and thus authentication is already done and provided (i.e another OIDC provider). Can Keycloak authorization services operates solely without any requirement to how the user authenticate to the resource server?
I am browsing the docs and the experimenting with the quickstarts and can not find a good answer for the above. The end-purpose would be for a resource server to delegate its authorization decision fully to Keycloak but without being integrated with how it receives the users authenticated identity.
Note that integrating with the existing OIDC provider as an “Identity Providers” as the authentication is already done and provided for.