You can keep both apps with their own IDP and avoid coupling by using a third IDP as a broker (like another Keycloak instance).
This broker handles login via both app1's IDP and app2’s Keycloak using OIDC.
Basically:
app1 stays as-is
app2 uses Keycloak
the broker gives you SSO between both
This way, each app manages its own users/sessions, and the broker keeps a global session across them.
I wrote a guide on how to set up multiple identity providers in Keycloak if you want to go that route:
https://medium.com/@raf.lucca/one-login-many-sources-oidc-sso-with-multiple-identity-providers-keycloak-08cf3cd13c78