That makes sense, thank you! 
I added them with JAVA_OPTS_APPEND
and they do show up as JAVA_OPTS
when starting the container. However this did not fix the issue, I still get the timeout error sometimes.
I activated the DEBUG log level and I see this log when the authentication fails:
11:24:06,467 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) new JtaTransactionWrapper
11:24:06,467 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) was existing? false
11:24:06,467 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper commit
11:24:06,467 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper end
11:24:06,467 DEBUG [org.keycloak.services.scheduled.ScheduledTaskRunner] (Timer-2) Executed scheduled task AbstractLastSessionRefreshStoreFactory$$Lambda$1691/0x0000000841612440
11:24:08,159 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) new JtaTransactionWrapper
11:24:08,159 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) was existing? false
11:24:08,161 DEBUG [org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint] (default task-18) PKCE non-supporting Client
11:24:08,161 DEBUG [org.keycloak.services.util.CookieHelper] (default task-18) AUTH_SESSION_ID cookie found in the request header
11:24:08,161 DEBUG [org.keycloak.services.util.CookieHelper] (default task-18) AUTH_SESSION_ID cookie found in the cookie field
11:24:08,161 DEBUG [org.keycloak.services.managers.AuthenticationSessionManager] (default task-18) Found AUTH_SESSION_ID cookie with value b6162fed-f16f-4983-8713-dfad47866a83.fv-keycloak-dbs-1-tw6sq
11:24:08,161 DEBUG [org.keycloak.protocol.AuthorizationEndpointBase] (default task-18) Sent request to authz endpoint. Root authentication session with ID 'b6162fed-f16f-4983-8713-dfad47866a83' exists. Client is 'express-server' . Created new authentication session with tab ID: R2Q7PdUg-2c
11:24:08,162 DEBUG [org.keycloak.authentication.AuthenticationProcessor] (default task-18) AUTHENTICATE
11:24:08,162 DEBUG [org.keycloak.authentication.AuthenticationProcessor] (default task-18) AUTHENTICATE ONLY
11:24:08,162 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-18) processFlow: browser
11:24:08,162 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-18) check execution: 'auth-cookie', requirement: 'ALTERNATIVE'
11:24:08,162 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-18) authenticator: auth-cookie
11:24:08,162 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-18) Going through the flow 'browser' for adding executions
11:24:08,162 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-18) Going through the flow 'forms' for adding executions
11:24:08,162 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-18) Selections when trying execution 'auth-cookie' : [ authSelection - auth-cookie, authSelection - identity-provider-redirector, authSelection - auth-username-password-form]
11:24:08,162 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-18) invoke authenticator.authenticate: auth-cookie
11:24:08,162 DEBUG [org.keycloak.services.util.CookieHelper] (default task-18) Could not find cookie KEYCLOAK_IDENTITY, trying KEYCLOAK_IDENTITY_LEGACY
11:24:08,162 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-18) Could not find cookie: KEYCLOAK_IDENTITY
11:24:08,162 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-18) authenticator ATTEMPTED: auth-cookie
11:24:08,162 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-18) check execution: 'identity-provider-redirector', requirement: 'ALTERNATIVE'
11:24:08,162 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-18) authenticator: identity-provider-redirector
11:24:08,162 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-18) Going through the flow 'browser' for adding executions
11:24:08,163 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-18) Going through the flow 'forms' for adding executions
11:24:08,163 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-18) Selections when trying execution 'identity-provider-redirector' : [ authSelection - identity-provider-redirector, authSelection - auth-username-password-form]
11:24:08,163 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-18) invoke authenticator.authenticate: identity-provider-redirector
11:24:08,163 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-18) authenticator ATTEMPTED: identity-provider-redirector
11:24:08,163 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-18) check execution: 'forms flow', requirement: 'ALTERNATIVE'
11:24:08,163 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-18) processFlow: forms
11:24:08,163 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-18) check execution: 'auth-username-password-form', requirement: 'REQUIRED'
11:24:08,163 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-18) authenticator: auth-username-password-form
11:24:08,163 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-18) Going through the flow 'browser' for adding executions
11:24:08,163 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-18) Going through the flow 'forms' for adding executions
11:24:08,163 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-18) Selections when trying execution 'auth-username-password-form' : [ authSelection - auth-username-password-form]
11:24:08,163 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-18) invoke authenticator.authenticate: auth-username-password-form
11:24:08,163 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) new JtaTransactionWrapper
11:24:08,163 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) was existing? true
11:24:08,163 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) JtaTransactionWrapper commit
11:24:08,163 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) JtaTransactionWrapper end
11:24:08,163 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) JtaTransactionWrapper resuming suspended
11:24:08,167 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) JtaTransactionWrapper commit
11:24:08,167 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) JtaTransactionWrapper end
11:24:09,075 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) new JtaTransactionWrapper
11:24:09,075 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) was existing? false
11:24:09,076 DEBUG [org.keycloak.services.resources.IdentityBrokerService] (default task-18) Sending authentication request to identity provider [microsoft].
11:24:09,077 DEBUG [org.keycloak.services.resources.SessionCodeChecks] (default task-18) Will use client 'express-server' in back-to-application link
11:24:09,077 DEBUG [org.keycloak.services.util.CookieHelper] (default task-18) AUTH_SESSION_ID cookie found in the request header
11:24:09,077 DEBUG [org.keycloak.services.util.CookieHelper] (default task-18) AUTH_SESSION_ID cookie found in the cookie field
11:24:09,077 DEBUG [org.keycloak.services.managers.AuthenticationSessionManager] (default task-18) Found AUTH_SESSION_ID cookie with value b6162fed-f16f-4983-8713-dfad47866a83.fv-keycloak-dbs-1-tw6sq
11:24:09,077 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) new JtaTransactionWrapper
11:24:09,077 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) was existing? true
11:24:09,077 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) JtaTransactionWrapper commit
11:24:09,078 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) JtaTransactionWrapper end
11:24:09,078 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) JtaTransactionWrapper resuming suspended
11:24:09,078 DEBUG [org.keycloak.services.resources.IdentityBrokerService] (default task-18) Authorization code is valid.
11:24:09,078 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) new JtaTransactionWrapper
11:24:09,078 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) was existing? true
11:24:09,079 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) JtaTransactionWrapper commit
11:24:09,079 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) JtaTransactionWrapper end
11:24:09,079 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) JtaTransactionWrapper resuming suspended
11:24:09,079 DEBUG [org.keycloak.services.resources.IdentityBrokerService] (default task-18) Identity provider [org.keycloak.broker.oidc.OIDCIdentityProvider@794f4780] is going to send a request [org.jboss.resteasy.specimpl.BuiltResponse@3971e691].
11:24:09,080 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) JtaTransactionWrapper commit
11:24:09,080 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) JtaTransactionWrapper end
11:24:09,321 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) new JtaTransactionWrapper
11:24:09,321 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-18) was existing? false
11:24:11,467 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) new JtaTransactionWrapper
11:24:11,467 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) was existing? false
11:24:11,467 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper commit
11:24:11,467 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper end
11:24:11,467 DEBUG [org.keycloak.services.scheduled.ScheduledTaskRunner] (Timer-2) Executed scheduled task AbstractLastSessionRefreshStoreFactory$$Lambda$1691/0x0000000841612440
11:24:16,467 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) new JtaTransactionWrapper
11:24:16,467 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) was existing? false
11:24:16,467 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper commit
11:24:16,468 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper end
11:24:16,468 DEBUG [org.keycloak.services.scheduled.ScheduledTaskRunner] (Timer-2) Executed scheduled task AbstractLastSessionRefreshStoreFactory$$Lambda$1691/0x0000000841612440
11:24:21,467 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) new JtaTransactionWrapper
11:24:21,467 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) was existing? false
11:24:21,467 DEBUG [org.keycloak.models.sessions.infinispan.changes.sessions.PersisterLastSessionRefreshStore] (Timer-2) Updating 0 userSessions with lastSessionRefresh: 1617967401
11:24:21,468 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper commit
11:24:21,468 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper end
11:24:21,468 DEBUG [org.keycloak.services.scheduled.ScheduledTaskRunner] (Timer-2) Executed scheduled task AbstractLastSessionRefreshStoreFactory$$Lambda$1691/0x0000000841612440
11:24:26,467 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) new JtaTransactionWrapper
11:24:26,467 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) was existing? false
11:24:26,467 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper commit
11:24:26,467 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper end
11:24:26,467 DEBUG [org.keycloak.services.scheduled.ScheduledTaskRunner] (Timer-2) Executed scheduled task AbstractLastSessionRefreshStoreFactory$$Lambda$1691/0x0000000841612440
11:24:31,468 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) new JtaTransactionWrapper
11:24:31,468 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) was existing? false
11:24:31,468 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper commit
11:24:31,468 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper end
11:24:31,468 DEBUG [org.keycloak.services.scheduled.ScheduledTaskRunner] (Timer-2) Executed scheduled task AbstractLastSessionRefreshStoreFactory$$Lambda$1691/0x0000000841612440