Container registry auth with Keycloak

We are using Gitlab configured to use Keycloak as omniauth provider. Following scenarios are requsted:

  1. For Keycloak users use docker login with personal access token - OK
  2. For local Gitlab users use docker login with username and password - OK
  3. For Keycloak users use docker login with username and password - FAILS

Scenario 3 requires that Gitlab contacts Keycloak for token to be used with docker login.
Is it possible to setup Gitlab in such a way?