The error is not 401, I get a 500 error code. The following is the log
capture of the backend application:
Caused by: java.lang.NullPointerException
    at org.keycloak.adapters.authorization.AbstractPolicyEnforcer.authorize(AbstractPolicyEnforcer.java:69)
    at org.keycloak.adapters.authorization.PolicyEnforcer.enforce(PolicyEnforcer.java:77)
    at org.keycloak.adapters.AuthenticatedActionsHandler.isAuthorized(AuthenticatedActionsHandler.java:142)
    ... 38 more
I use Keycloak 2.3.0.Final with the following configuration:
1. Backend app in an EAR package with a JAX-RS service and the following
keycloak.json file:
{
  "realm": "demo",
  "auth-server-url": "http://localhost:8080/auth",
  "ssl-required": "external",
  "resource": "afiliacion-web",
  "credentials": {
    "secret": "45226cd3-796e-4e38-9f38-8435877c660b"
  },
  "policy-enforcer": {}
}
and this is the web.xml file:
<!-- PRIVATE -->
<security-constraint>
    <display-name>Client Area</display-name>
    <web-resource-collection>
        <web-resource-name>client_resources</web-resource-name>
        <url-pattern>/rest/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
        <http-method>HEAD</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<!-- BASIC AUTHENTICATION ALLOW LOGIN FROM REST SERVICE -->
<login-config>
    <auth-method>KEYCLOAK</auth-method>
    <realm-name>demo</realm-name>
</login-config>
<security-role>
    <role-name>*</role-name>
</security-role>
2. The front-end app is a public client in Keycloak, and sends all requests to
the backend, adding the bearer token.
Thank you so much Ebondu.
Gaalvarez.
I am not an expert in conf, but your policy enforcer description seems to be
empty in keycloak.json; maybe you should remove it? Did you try with
version 2.5.1? Did you start from a working example like the photoz?
In my case, authorizations are declared by resources directly in the realm,
then the backend loads them from the server at runtime to check
accesses.
--
View this message in context:
http://keycloak-user.88327.x6.nabble.com/keycloak-user-JAX-RS-Backend-Ser...
Sent from the keycloak-user mailing list archive at
Nabble.com.