With regards to: https://issues.jboss.org/browse/KEYCLOAK-881 https://issues.jboss.org/browse/KEYCLOAK-878 Are they not both caused by the adapter redirecting to login page on non-GET requests? Would it not make sense to only do a redirect for GET requests and return a 401 for other request types?