We have some applications without UI who expose web services. Actually, it's EJBs with the @Webservice annotation. Those EJBs are packaged into an EAR file as EJB modules for deployment.

In other applications, we usually add the keycloak-saml.xml file into the war module but, since those applications do not have war module, how could we secure those web services with keycloak?

Thanks,

Christian