https://docs.sysdig.com/en/administration/onprem-openid-keycloak/