Secure a distributable EAR application with Keycloak

I have an EAR application with a WAR and I deploy it on WildFly 16.

First of all I wanted to secure it, so I created a realm and 2 clients on Keycloak and created the adapter configuration in the standalone.xml.

It works fine, no problem.

But I have a new problem: the policy enforcer. I cannot enable the policy enforcer with the standalone.xml configuration :frowning: so I had to include keycloak.json in my WAR.

It works fine, as long as I am in the development environment.

Now, my EAR must be installed on 10 different servers with 10 different Keycloak installations, so I have 10 different keycloak.json files.

Can I enable the policy enforcer with the standalone.xml configuration? That would be fine: my WAR could be standard and the only requirement would be to modify the installation’s standalone.xml :+1:

If I can’t use standalone.xml, how can I do this without recreating 10 different WARs :-1: ?

Each server has its own domain and its own clients with their own secrets :frowning:

A central Keycloak installation? Same problem, each installation is a different realm.

Any answer or suggestion is welcome, even if it’s “you can’t”.

EDIT: Is it possible to export the realm + client configurations using the same keys, without users and resources?