I looked at the image, specifically the @Path("/login") JAX-RS method.
What you are attempting will just not work. Period. I don't think you
understand how basic servlet, JAX-RS, and HTTP works along with how Open
ID Connection works. OpenID Connect (and SAML) require browser
redirects. In looking at your code, you're expecting authenticate() to
redirect the browser to keycloak, have the user login, then redirect
back. This just doesn't do what you expect. And it shouldn't.
Calling servletRequest.authenticate() sets a 302 response with a
Location header pointing back to the server. That's it... You
actually override what authenticate() did by returning a JAX-RS response.