[keycloak-user] Alternative to Kerberos & Custom Use Case

Hi, Are there any other mechanisms in Keycloak apart from Kerberos which can establish something similar to a cross realm trust? Also, consider this use case: We have App A and App B. App A and App B may have different Keycloak instances or maybe in different realms of the same Keycloak instance. User logs into App A. He clicks on a button in App A which is supposed to take him to App B. The user now has a JWT when he logged into App A. Now App B knows that all the redirects are going to be from App A. So can App B verify the token through App A? Regards, Aditya