Help a Dummy Troubleshoot ADFS as an Identity Provider

I have a web application with a Java REST API (using Javalin and its pac4j implementation) and a ReactJS frontend with a pretty sign-in page. Previously I had been using Auth0’s lock.js implementation to secure my application, but now I want to use my own Keycloak server.

I have my Keycloak server configured and have followed this guide to get my ADFS relying trust configured.

When the user presses the login button on the React frontend, a basic fetch is made to the Java API, where a before filter should then consult a KeycloakOIDCConfiguration similar to the OIDCConfiguration shown in the example here.

From there I’m completely stumped. I have done code grants before through Auth0, but I am completely failing to grasp what to do next here.

So I make the request from the web server to the Keycloak server, which should then redirect to ADFS. Then the user should sign in and the ADFS server should send a code back. My application is not getting to the redirect portion. Can someone help me troubleshoot?

My ADFS server is the only identity provider configured for my realm. Shouldn’t the Keycloak server automatically redirect to it?

Here is the relevant part of my main method on my web app:

    Config securityConfig = new ADFSConfigFactory().build();
    CallbackHandler callback = new CallbackHandler(securityConfig, null, true);
    SecurityHandler adfsHandler = new SecurityHandler(securityConfig, "MyClientID", "");

Here is the relevant part of my config factory:

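    import org.pac4j.core.client.Clients;
    import org.pac4j.core.config.Config;
    import org.pac4j.core.config.ConfigFactory;
    import org.pac4j.oidc.client.KeycloakOidcClient;
    import org.pac4j.oidc.config.KeycloakOidcConfiguration;

    public class ADFSConfigFactory implements ConfigFactory {

        private static GeneralDaoService genSVC = AbstractDaoFactory.getDBDaoFactory().getGeneralDaoService();

        public ADFSConfigFactory() {
        }

        @Override
        public Config build(Object... parameters) {
            try {
                // Pull callback url, clientid, and secret, from database
                SysProps sProps = genSVC.getSysProps();

                KeycloakOidcConfiguration oidcConfiguration = new KeycloakOidcConfiguration();
                KeycloakOidcClient oidcClient = new KeycloakOidcClient(oidcConfiguration);
                // First argument is the callback URL that pac4j sends as redirect_uri
                Clients clients = new Clients(sProps.getServerAddr(), oidcClient);
                return new Config(clients);
            } catch (Exception e) {
                // Any failure while building the configuration is swallowed here
                return null;
            }
        }
    }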

I have narrowed the issue down to an invalid redirect URL. At first I thought it was my reverse proxy, but I have configured the proxy-address setting and my proxy is working to serve the admin page perfectly. The weird issue with the redirect is, I have set the redirect URL for my client and for some reason, no matter how many times I change it for the account client, the redirect stays the same. I’m going to change the title of this forum post to reflect the issue.

Edit: It is too late. I cannot edit the post title.
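For the invalid redirect URL symptom described in the post, an added diagnostic (not code from the original post or from pac4j/Keycloak) that decodes an authorization request and checks its `redirect_uri` against the list configured for the `client_id` actually sent. The hostnames, realm name, URL path, configured patterns and the matching rule (exact match, or prefix match when the pattern ends in `*`) are assumptions made for the example.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class RedirectUriCheck {
    // Decode the query string of an authorization request into its parameters.
    static Map<String, String> queryParams(String url) {
        Map<String, String> params = new LinkedHashMap<>();
        String query = URI.create(url).getRawQuery();
        if (query == null) return params;
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            String key = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.put(URLDecoder.decode(key, StandardCharsets.UTF_8),
                       URLDecoder.decode(value, StandardCharsets.UTF_8));
        }
        return params;
    }
    // Assumed, simplified rule: exact match, or prefix match when the pattern ends in '*'.
    static boolean allowed(String redirectUri, List<String> patterns) {
        if (redirectUri == null) return false;
        for (String p : patterns) {
            boolean hit = p.endsWith("*")
                    ? redirectUri.startsWith(p.substring(0, p.length() - 1))
                    : redirectUri.equals(p);
            if (hit) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: authorization request copied from the browser address bar.
        String authRequest = "https://keycloak.example.test/auth/realms/myrealm/protocol/openid-connect/auth"
                + "?response_type=code&client_id=MyClientID&scope=openid"
                + "&redirect_uri=http%3A%2F%2Fapp.example.test%2Fcallback";
        // Constructed sample: redirect URI patterns entered for each client in the realm.
        Map<String, List<String>> configured = Map.of(
                "MyClientID", List.of("https://app.example.test/callback*"),
                "account", List.of("https://keycloak.example.test/auth/realms/myrealm/account/*"));
        Map<String, String> p = queryParams(authRequest);
        String clientId = p.getOrDefault("client_id", "");
        List<String> patterns = configured.getOrDefault(clientId, List.of());
        System.out.println("client_id    = " + clientId);
        System.out.println("redirect_uri = " + p.get("redirect_uri"));
        System.out.println(allowed(p.get("redirect_uri"), patterns) ? "match" : "NO MATCH for this client");
    }
}
```

In the constructed sample the application sends an `http://` callback while the client is configured with `https://`, so the check fails; only the patterns stored under the `client_id` in the request are consulted, so changes made to a different client's entry have no effect on the result.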