Hi Bill,
it's a mixed approach, maybe this is confusing you.

> I don't understand what the flow is below.  In your flow above you said 
> your server is making a call to the backend service with the token and 
> is authenticated correctly, right?

My frontend is a WAR running on Tomcat and it is secured by keycloak.

> What I don't understand is what you are doing below.  Are you saying you 
> have a Browser client (Javascript) making a call to your backend?

The WAR serves also an AngularJS dashboard, in this dashboard I "inject" the token from the server but then I make client side calls.

The flow is:

1- The user call http://.../dashboard

2- The frontend server redirects to the keycloak login

3- Keycloak authenticates the user and redirects to frontend server

4- The frontend server serves the AngularJS dashboard injecting the token

5- The client side dashboard makes ajax calls to the backend to load data

At point 5 I see my backend is logging that the call is AUTHENTICATED but on client side I see the response is failing.

Davide