Wildfly makes a number of login modules available as a part of the Security sub system that include SPNEGO (see the link below). Since Keycloak supports defining new Realms, if you can provide some hooks to map the newly defined Realms to the Security sub system, I think it would address the issue. Picketlink examples shed some light on how it can be done.

https://docs.jboss.org/author/display/WFLY8/Security+subsystem+configuration

On Saturday, October 11, 2014 8:53 AM, Bill Burke <bburke@redhat.com> wrote:

Kerberos is on our roadmap as there's some other Red Hat kerberos
products we need to integrate wit. I don't understand Kerberos deep
enough yet to know exactly what or how we would do it. My current
thought that the Keycloak auth server would be a secured Kerberos
service and become a bridge between kerberos and SAML or OpenID Connect.

On 10/10/2014 5:24 PM, Raghuram wrote:
> Can I put in an enhancement request for at least some hooks as I am not sure how a custom federation provider could be written for SPNEGO negotiation. This feature will be useful for all organizations that invested in Kerberos infrastructure.
>
>> On Oct 10, 2014, at 5:11 PM, Bill Burke <bburke@redhat.com> wrote:
>>
>> we don't support kerberos.
>>
>>> On 10/10/2014 5:06 PM, Raghuram wrote:
>>>
>>>> Has anyone tried out SPNEGO (Kerberos) authentication with key cloak
>>>> 1.0.2? If so, appreciate any input on how it can be achieved?
>>>
>>> Sent from my iPhone
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user@lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com/

>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user@lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com/