Hi all I have install Keycloak 6.0.1 Tomcat 7 adapter in Liferay 6.2 for SSO authentication and authorization. I have download keycloak.json to our web application WEB-INF and add below for context and web tomcat XML. The integration between Liferay and Keycloak SSO have no issue. However I have a doubt about protected resources in <security-constraint> tag. Currently I have added /group/*, hence all URL path is /group value required to log in. If I would like to add URL /admin/* to use Liferay login page instead of SSO Login page , how to do it ? Thanks ---- context.xml <Context path="/XXXX" crossContext="true" allowLinking="true"> <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/> </Context> ---- web.xml <security-constraint> <web-resource-collection> <web-resource-name>Lawnet</web-resource-name> <url-pattern>/group/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>user</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>KEYCLOAK</auth-method> <realm-name>XXXXX</realm-name> </login-config> <security-role> <role-name>user</role-name> </security-role> Best Regards and Thanks Wee Tat , Yeo (NCS) Consultant, NCS Pte Ltd WARNING: This e-mail transmission is intended only for the addressee. Privileged/Confidential information may be contained in this message. If you are not the intended addressee, you should delete it and must not copy, distribute it or take any action in reliance thereon. Communication of any information in this email to any unauthorised person is an offence under the Official Secrets Act (Cap 213). Please notify the sender immediately if you have received this by mistake.