Support login to Keycloak via my own web app


We have a web service that use OpenAM to provide SSO feature to user. Once user logged into our service, they will access internet services without providing username or password.
We have admin site to allow administrators to configure OpenAM’s IDP and SP configuration. Same as user site, once administrator logged into admin site, they access OpenAM admin console (displayed in an i-frame, inside our web app) without providing OpenAM username or password.

As we are migrating to Keycloak, how do we achieve that ?