I have significant experience customizing Red Hat Single Sign On (or Keycloak) to fit the business's authenitcation needs. I have implemented reCAPTCHA on login, written custom code to talk to another application's authentication service when the user base lives somewhere else, and implemented enterprise-level multifactor authentication as a part of the RH-SSO browser login flow.
The customization of RH-SSO (Keycloak) can be quite tedious and involved. Just send me your requirements and let me do the leg work for you!