We have a peculiar request from a customer who uses Oracle's Access Manager (OAM) as their SSO solution: They wish to add One-Time Password functionality, but they'd rather employ Keycloak's functionality for this.
So my question is, can one integrate Keycloak with OAM in order to leverage Keycloak's OTP functionality, while keeping the core SSO functionality served by OAM?
The One-Time Password, OTP integration in Oracle OAM is done via the Adaptive Authentication Service- refer the doc from version 12c, read section 32.2. Integration with Keycloak is not an option. Using the Adaptive Authentication Service (which is out of the box in 12c version) will provide you the One-Time Password functionality. However, if your requirement is to use Keycloak OTP then you will have to develop your own Custom Authentication plugin for integration with your third party, i.e. Keycloak. refer this doc on "Developing Custom Authentication Plugins". Note: I have provided url for reference/docs from the latest version of Oracle Identity Management 12c since I do not know your current OAM version. There is significant development involved in writing your own custom authentication plugin. The out of the box OTP functionality with OAM (in version 12c) would be a much straightforward option.