Liferay has  an OOTB SSO configuration, and can be configured to use Keycloak as the Authorization Provider. 

This article explains, how to make such configuration on Liferay and Keycloak side:

https://lifedev-solutions.blogspot.com/2019/10/liferay-keycloak-integration-using.html

However, there are two limitations in this approach:

• Keycloak can't be set as a default authorization mechanism;
• Single Logout (SLO) is not working.

The "Keycloak SSO Helper" ( https://github.com/liferay-apps/keycloak-sso-helper ) helps to overcome such limitations. 

Enjoy!

Regards,

Vitaliy