Hi all, I am having the following issue: Scenario 1: In my application index.html (bundled in a JAR file and deployed in Jetty), I have the following code: <script src="keycloak.js"></script> <script> var keycloak = Keycloak( { "realm": "master", "clientId": "client1", "auth-server-url": "http:// <<keycloak-server-ip>>:<<keycloak-server-port>>/auth", "public-client": true }); keycloak.init({ onLoad: 'login-required' }).success(function () { alert("login success"); }); </script> And I have the following client configuration in Keycloak server Client Protocol - openid-connect Access Type - public Standard Flow Enabled - ON Implicit Flow Enabled - OFF Direct Access Grants Enabled - ON Authorization Enabled - OFF Root URL - Valid Redirect URIs - http:// <<myapplicationIP>>:<<myapplicationPort>>/admin/* Base URL - http://<<myapplicationIP>>:<<myapplicationPort>>/admin Admin URL - Web Origins - With this configuration, the first time when I hit http://<<myapplicationIP>>:<<myapplicationPort>>/admin/ , I am getting redirected to http:// <<myapplicationIP>>:<<myapplicationPort>>/realms/master/protocol/openid-connect /auth?client_id=client1&redirect_uri=http%3A%2F%2F<<myapplicationIP>>%3A<<myapplicationPort>>%2Fadmin%2F&state=c524eb6c-9245-4f82-87e9-e767dd733b0d&nonce=760809b5-b2d5-4c3e-9d76-40cd43bdef0d&response_mode=fragment&response_type=code&scope=openid and I get 404 which is expected since keycloak is trying to redirect to http://<<myapplicationIP>>:<<myapplicationPort>>/realms/... which does not exist in our application. Scenario 2: When I do the same thing as scenario 1 except the way keycloak.js is loaded, everything works as expected. <script src="http:// <<keycloakServerIP>>:<<keycloakServerPort>>/auth/js/keycloak.js"></script> So, what is operationally different between bundling keycloak.js and loading it at run time ? - Karthik