[keycloak-user] Multitenant KeycloakConfigResolver

Hello, in a multitenant app on Wildfly 14.0.1 with a bearer-only REST API to protect I would like some URLs to not be secured. So I would like my custom KeycloakConfigResolver implementation to not be called when those URLs are hit but it is. The reason I don't want my KeycloakConfigResolver to be called is simply because I have no clue as to what to return in that case: its a non-secured REST endpoint so a Keycloak realm doesn't make sense in my understanding. My setup follows the docs: I've installed the adapter for Wildfly and the web.xml has the necessary setup for not securing some URLs (no auth-constraint for those URLs) Also in jboss-web.xml the security-domain element isn't defined, although I don't know if that plays any role. My final goal is to have some URLs secured by using the JBoss specific @SecurityDomain and the standard @RolesAllowed etc annotations. Can you please shed some light on this matter? I'd greatly appreciate any detailed explanation of the mechanisms involved in this area. Cheers, Vagelis