- Task
- Resolution: Won't Do
- Major
- None
- Medium
We're using Keycloak as the SSO infrastructure on Kogito Architecture. All Kogito REST services should implement the Keycloak adapters to make this possible:
1. Validate token against a Keycloak instance
2. Send JWT Tokens during calls to inner services
This adapter can be implemented as:
1. A jar library. Spring Boot offers a nice integration with Keycloak Adapters. On Quarkus, some research is needed.
2. As a mesh with Istio. The Envoy proxy can validate incoming tokens (ingress) and add tokens to inner calls (egress).
3. Like #2, a Kubernetes Ingress Controller can integrate with Keycloak as well.
Options #2 and #3 won't need any implementation on the Kogito Runtimes side. It's preferable since we can distinguish infrastructure code from business
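A sketch of option #2 as Istio configuration, added here as an illustration and not taken from the ticket or from the Kogito project. The namespace, workload label, Keycloak host, realm name and audience are all assumed placeholders. A `RequestAuthentication` on its own only rejects requests that carry an invalid token, so the `AuthorizationPolicy` is what makes a token mandatory.

```yaml
# Added example. Host, realm, namespace, labels and audience are assumptions.
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: kogito-keycloak-jwt        # hypothetical name
  namespace: kogito                # hypothetical namespace
spec:
  selector:
    matchLabels:
      app: kogito-service          # hypothetical workload label
  jwtRules:
    # Issuer must match the "iss" claim Keycloak puts in the token exactly.
    - issuer: "https://keycloak.example.com/realms/kogito"
      # Keycloak publishes the realm signing keys at this endpoint.
      jwksUri: "https://keycloak.example.com/realms/kogito/protocol/openid-connect/certs"
      # Assumes an audience mapper in Keycloak adds this value to "aud".
      audiences:
        - "kogito-service"
      # Keep the Authorization header on the request handed to the service,
      # so the service can pass the same token on when it calls inner services.
      forwardOriginalToken: true
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: kogito-require-jwt         # hypothetical name
  namespace: kogito
spec:
  selector:
    matchLabels:
      app: kogito-service
  action: ALLOW
  rules:
    # Only requests with a validated principal (<iss>/<sub>) from the realm
    # are allowed; requests without a token no longer match any rule.
    - from:
        - source:
            requestPrincipals:
              - "https://keycloak.example.com/realms/kogito/*"
```

Health and metrics endpoints scraped without a token need their own `ALLOW` rule, otherwise this policy denies them too.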