I see a lot of folks struggling with some of the same things I've encountered. I've been working on a more complete app while testing keycloaks capabilities. It is currently:

* an ubuntu vagrant vm

* ansible setup

* keycloak 1.5

* separate wildfly 9 server

* openldap server used for user federation

* jee rest application showing both url protection and programatic ejb authorization

* angularjs web app

* nginx ssl reverse proxy

I'll keep improving it as I go along but I thought I would share and it might help others.

It's at "https://github.com/cwalker67/keycloak_demo"

thanks,

charlie