Is generic route forwarding possible for Keycloak running on Docker/Cloud Foundry?

We managed to set up a Standalone-HA cluster of Keycloak to run on IBM Cloud (Cloud Foundry).
We originally had it test-deployed using Thomas Darimont’s Spring-Boot POC project, which also allowed us to add customisations like BCrypt password encryption with a pepper and some route forwarding for the main realm.

The encryption module turned out to be easy to package as a .jar module to /standalone/deployments/ inside the Docker image, but I’m afraid that adding this routing is a wholly different cup of tea; at least to set it up in either Keycloak itself, the Docker image, Wildfly, or in the CF environment.
Of course we can always set up a separate gateway to handle this, but that would be yet another deployment to maintain, so it would be great if this is possible without that.

In the Spring-Boot container, we achieved this by adding a separate Controller class to implement these route forwards:

GET  /login                         => /auth/realms/{realm}/account
GET  /oidc/certs                    => /auth/realms/{realm}/protocol/openid-connect/certs
GET  /oidc/login-status-iframe.html => /auth/realms/{realm}/protocol/openid-connect/login-status-iframe.html
GET  /oidc/logout                   => /auth/realms/{realm}/protocol/openid-connect/logout
POST /oidc/auth                     => /auth/realms/{realm}/protocol/openid-connect/auth
POST /oidc/token                    => /auth/realms/{realm}/protocol/openid-connect/token
POST /oidc/token/introspect         => /auth/realms/{realm}/protocol/openid-connect/logout
POST /oidc/userinfo                 => /auth/realms/{realm}/protocol/openid-connect/userinfo

One of the controller methods:

@GetMapping({BASE_PATH_OIDC + "/certs", BASE_PATH_OIDC + "/login-status-iframe.html", BASE_PATH_OIDC + "/logout"})
public void forwardOidcGet(HttpServletRequest request, HttpServletResponse response) {
    // Keep only the part of the request URI that follows BASE_PATH_OIDC and its trailing "/"
    String path = request.getRequestURI().substring(
            request.getRequestURI().lastIndexOf(BASE_PATH_OIDC) + BASE_PATH_OIDC.length() + 1);
    // Forward to the same endpoint name under the realm's path prefix
    forward(forwardTokenPath + path, request, response);
}

… nothing more complex than that.

However, in the new situation where we run Keycloak as a Docker image on Cloud Foundry, I have so far not figured out how to achieve this.

I should add that I’m not very familiar with JBoss / Wildfly.
We always work with Spring MVC or Spring Boot deployed on Tomcat (or a cloud environment), so I am especially curious if there exists a JBoss equivalent of adding another controller like we did in Spring Boot. It would be great if we could do this in a similar way as how we now deploy that additional BCrypt module.


(I also posted this question on the Keycloak Discourse Group one month ago but haven’t gotten an answer there; therefore I’m reposting here.)
