I just pushed a (very simple) generic JWT plugin policy to master. 

To try it out right now you will need to build it. Just check out the apiman/apiman-plugins repo and execute `mvn clean install`. The plugin coordinates will be G: io.apiman.plugins A: apiman-plugins-jwt-policy V: 1.2.9-SNAPSHOT.

It isn't yet as feature-rich as the Keycloak plugin, but you can:

- Require JWT.

- Require claims (e.g. sub = foo).

- Require JWT be cryptographically signed (aka. JWS).

- Validate JWT against a provided public key.  

- Remove auth tokens (prevent them reaching the backend).

- Set maximum clock skew.

I'll expand on this shortly to add something that will hopefully add some commonly-used features from the Keycloak plugin:

- Allow extraction of roles for authorization

- Forward token fields as headers (e.g. X-Sub = sub)