The middleware images provided in the container catalog come usually in two flavors:
standard mw template and a template with rh-sso.

This is what we should aim for as well.

Right now keycloak is the main pain point why we can't use the webconsole in katacoda as well, so this is not only something we should consider doing for openshift, but also for our web distribution.

When there is no keycloak / rh-sso, it must be possible for the user to use EAPs standard authentication mechanism to secure the access to the web console.

When the keycloak / rh-sso flavor is used, it must be possible that the user can change the default password and user. For the openshift template, the same must be true.