I am trying to develop an web application using angular 4, java ee and wildfly. I am planning on using keycloak as IDM. I researched and found that we can provide roles to user but what I couldn't find is if it provides the feature to exclude some privilege from admin role.
For example: I want to provide user with admin role all the privileges except one, so I want to exclude the privilege from that admin.
Is it possible using keycloak? If not, can anyone suggest any other IDM matching this requirement?
No, you cannot change the privileges of admin role. Yes, you can use Keycloak.
From http://www.keycloak.org/docs/latest/server_admin/topics/admin-console-permissions/fine-grain.html
I think you still can achieve want you want with Keycloak's flexible administrative role and permission management. Just not exactly in the way you think it should be done.
Don't give your administration user the role admin, but some of the more restrictive roles of client realm-management (e.g. view-realm, manage-users).