I just recently introduced KC to a Spring Cloud micro-service environment as the IDM and
OAuth manager of JWT tokens. Front-end clients are implementing the JavaScript adapter
and backend Spring Boot services are implemented with the Spring Security adapter (not
boot adapter). Our Service Gateway (Zuul) simply passes the token to backend services.
My question is regarding offloading AuthN and IDP to external systems and then
brokering to Keycloak for JWT creation. Which would look something like
(Customer on-premise AuthN) --> Ping --> Keycloak. Ping has been introduced
purely as an SP to handle customers' implementations of Shibboleth and InCommon. Initially
I was thinking that IDP - Ping SP mapping is all done via Ping and then a canonical SAML
exchange to Keycloak.
Is this possible? I would appreciate some guidance here.
-dana