If you have been following my recent adventures in playing with both Authentik and Keycloak as an OAuth/OIDC Identity Provider (IdP) for use with vCenter Server or VMware Cloud Foundation (VCF) Identity Federation, you can take it one step further and authenticate with a Yubico YubiKey or Apple Face ID for additional security.
In my original setup, the OIDC endpoint provided by both Authentik and Keycloak was using HTTP and works perfectly fine with both vCenter Server and SDDC Manager for a VCF-based environment. With that said, if you have a requirement to serve the OIDC endpoint over HTTPS, which is a requirement for using WebAuthn (e.g. YubiKey, Face Id, etc), then some additional configurations are required on both the identity provider as well on the vCenter Server side depending on the type of TLS certificate you are using.