We want to start Jenkins-Jobs remotely via shell-scripts and REST-API.
For other similar use cases where we call REST-Apis using Keycloak authentication the scripts

• fetch an access token (type bearer) from Keycloak. Either using username/password or an offline token
• then this bearer token is used to call the Rest-APIs. The bearer token is added as header in the HTTP-Request (e.g. -H "Authorization: Bearer $ACCESS_TOKEN" using curl)

We would like to do this also with Jenkins and the Keycloak plugin.

I do not know enough about Jenkins plugins and Keycloak to provide a decent implementation, but I created a working quick and dirty one:
https://github.com/vsgfe/keycloak-plugin/commit/e5606c2198b8ff8a44c394139cc9bb2866c331f4

It adds a filter that checks for an authorization header with a bearer token. If one is found, the token is checked and the login is set.