I've had investigating keycloak on my list of things to do for a while and wondered if anybody else had seen anything about it or wanted to take it on. With how lightblue is architected we're not coupled to the authn/z layers so maybe it's something that could be useful? If so, maybe we should create some issues to do more with it. I don't think internally we'll need it any time soon, but some initial ideas in an issue could help if someone else wanted to work on it.
I read about it when people announced the project on the core-list and I watched a presentation some time after that, I think it seems to be a nice project ( I'm looking forward the SAML feature). As you said, maybe we can address an issue to use that (maybe for the quickstart/openshift?).
"SAML 2.0 support. Keycloak already supports OpenID Connect, but with this release we’re also introducing support for SAML 2.0. We did this by pulling in and building on top of Picketlink’s SAML libraries."