Yes, it was because I have Keycloak in Kubernetes behind an Ingress service. I’m using Nginx Ingress. I needed to configure use_forward_headers to true. I also had to ensure that the incoming connection came into Nginx Ingress via HTTPS and port 443.
This issue happens when Keycloak thinks that the URL it is being contacted on is different than the URL in the payload. You have to make sure that all the X-Forward-* headers are being sent correctly and that Keycloak is configured to use them. Otherwise it might think it’s at a different URL then it really is at.