I need to use WildFly as a stateless REST provider (no sticky sessions), so
I configured the Keycloak WildFly adapter to use a cookie as the token store. User
roles in the Keycloak server are imported from LDAP (LDAPProvider), and it is a
common situation that a single user belongs to multiple LDAP groups (say
30+). Many of these groups decide a user's authorization to specific
application functionality, so they can't simply be filtered at the Keycloak
server level. On the other hand, passing so many roles (mapped from LDAP
groups) in the cookie (the KEYCLOAK_ADAPTER_STATE cookie) causes the cookie to
be over 4096 bytes and exceed popular browsers' cookie size limit. The
cookie is simply discarded in such a situation.
Hence I thought that using the Keycloak adapter for authentication only and
passing authorization to the LdapExtended login module on WildFly
could be a workaround. However, I doubt such an idea
would work, as it doesn't look like there is a fallback from the Keycloak
adapter to other authorization methods on WildFly.
I would appreciate any information on whether such a configuration is
available without redeveloping the Keycloak adapter or writing my own login
module for WildFly.
Thanks in advance for your help.
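The size problem described in the post can be reproduced and bounded before touching any adapter configuration. The script below is an added example, not code from the post, Keycloak or WildFly: it models the adapter-state cookie as one or more JWT-style tokens carrying a `realm_access.roles` claim (an assumption; the real KEYCLOAK_ADAPTER_STATE serialization has more claims and a real signature), then measures the `name=value` length against the 4096-byte browser ceiling and finds how many roles of a given name length still fit. The role names, user id and `tokens_with_roles` parameter are constructed for the example.

```python
import base64
import json

# Widely enforced per-cookie ceiling (name + "=" + value), as the post describes.
BROWSER_COOKIE_LIMIT = 4096
COOKIE_NAME = "KEYCLOAK_ADAPTER_STATE"


def b64url(data: bytes) -> str:
    """Unpadded base64url, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def constructed_roles(n: int, name_len: int = 24) -> list:
    """Constructed role names standing in for roles mapped from LDAP groups."""
    return [f"ldap-group-{i:04d}".ljust(name_len, "x") for i in range(n)]


def build_token(roles, username: str = "jdoe") -> str:
    """Assumed JWT-style token carrying a realm_access.roles claim.

    Keycloak's real tokens have more claims and a real signature; this is a
    model for measuring how the cookie grows with the number of roles.
    """
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {
        "sub": "constructed-user-id",
        "preferred_username": username,
        "realm_access": {"roles": list(roles)},
    }
    signature = b"\x00" * 256  # stands in for a 2048-bit RSA signature
    return ".".join([
        b64url(json.dumps(header, separators=(",", ":")).encode()),
        b64url(json.dumps(payload, separators=(",", ":")).encode()),
        b64url(signature),
    ])


def cookie_size(roles, tokens_with_roles: int = 1) -> int:
    """Bytes the Set-Cookie header would carry for name=value.

    tokens_with_roles is an assumption: the adapter state may hold more than
    one token, so set it to the number of tokens that repeat the role claim.
    """
    value = "|".join(build_token(roles) for _ in range(tokens_with_roles))
    return len(COOKIE_NAME) + 1 + len(value)


def exceeds_limit(roles, tokens_with_roles: int = 1,
                  limit: int = BROWSER_COOKIE_LIMIT) -> bool:
    """True when a size-limiting browser would silently drop the cookie."""
    return cookie_size(roles, tokens_with_roles) > limit


def max_roles_under_limit(name_len: int = 24, tokens_with_roles: int = 1,
                          limit: int = BROWSER_COOKIE_LIMIT) -> int:
    """Largest number of name_len-character roles that still fits the limit."""
    n = 0
    while not exceeds_limit(constructed_roles(n + 1, name_len),
                            tokens_with_roles, limit):
        n += 1
    return n


if __name__ == "__main__":
    for count in (0, 30, 60, 120):
        roles = constructed_roles(count)
        print(f"{count:3d} roles -> {cookie_size(roles)} bytes "
              f"(over limit: {exceeds_limit(roles)})")
    print("max roles in one token:", max_roles_under_limit())
    print("max roles when two tokens repeat the claim:",
          max_roles_under_limit(tokens_with_roles=2))
```

Raising `name_len` to the length of your real mapped group names and `tokens_with_roles` to the number of tokens your adapter state actually carries gives a concrete ceiling on how many roles a cookie store can hold; the value also drops sharply because each token repeats the claim and base64 adds a third on top of the JSON, which is why a stateless cookie store runs out of room well before a server-side session would.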