I'm having trouble integrating my jax-rs app with keycloak

Hello,
I’m new to keycloak. I have successfully set up the keycloak server on bare metal (centos 9), following the guide. I have set up the production environment using public SECURE https auth.mydomain.com, proxied with apache, and plain http admin.mydomain.local:8888 for the admin url.
Everything works fine. I even tested with the [keycloak]/app/ to test the realm, user and token, and it works fine. POST to auth.mydomain.com/realms/myrealm/protocol/openid-connect/token also works fine.
I’m having trouble securing my jax-rs endpoints, built on jakarta-ee-9, deployed as war on tomee 9.
I have installed the tomcat adapter as specified in keycloak/docs/latest/securing_apps/index.html#_tomcat_adapter
with the following keycloak.json config:
{
  "realm": "myrealm",
  "auth-server-url": "https://auth.mydomain.com",
  "ssl-required": "none",
  "resource": "cert",
  "bearer-only": true
}

  1. Is my setup ok? Am I missing something?
  2. Why is the tomcat adapter deprecated? What should we use instead?
  3. What should be the auth-server-url value, the public auth url or the admin url (backchannel?)?

With the above setup, I am getting the following response:

HTTP Status 401 – Unauthorized
Type: Status Report
Description: The request has not been applied because it lacks valid authentication credentials for the target resource.
Apache Tomcat (TomEE)/10.0.27 (9.1.0)

If I change the auth-method in web.xml from BASIC to KEYCLOAK the webapp fails to start with the following error:
org.apache.catalina.startup.ContextConfig.authenticatorConfig Cannot configure an authenticator for method [KEYCLOAK]
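
An added example, not part of the original post and not Keycloak's own code: one way to narrow down a 401 from a bearer-only endpoint is to decode a token obtained from the token endpoint and compare its claims with the values in keycloak.json. It assumes the issuer is auth-server-url + /realms/ + realm (the pattern of the token URL in the post); the function names and the sample tokens are constructed for illustration, and the signature is not verified.

```python
import base64
import json
import time

# Values from the keycloak.json in the post above.
CFG = {"realm": "myrealm", "auth-server-url": "https://auth.mydomain.com", "resource": "cert"}

def b64url_decode(segment):
    """Decode one JWT segment, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_sample_token(claims):
    """Build a constructed, unsigned token for the demo (not a real Keycloak token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])

def check_token(token, cfg, now=None):
    """Return the mismatches between a token's claims and keycloak.json.
    Diagnostic only: the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWT (expected 3 dot-separated segments)"]
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return ["payload segment is not base64url-encoded JSON"]
    now = time.time() if now is None else now
    problems = []
    # Assumption: issuer = auth-server-url + /realms/ + realm.
    expected_iss = cfg["auth-server-url"].rstrip("/") + "/realms/" + cfg["realm"]
    if claims.get("iss") != expected_iss:
        problems.append(f"iss is {claims.get('iss')!r}, config implies {expected_iss!r}")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired (exp <= now)")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if cfg["resource"] not in aud:  # relevant when the adapter checks audience
        problems.append(f"aud {aud!r} does not contain resource {cfg['resource']!r}")
    return problems

if __name__ == "__main__":
    ok = make_sample_token({"iss": "https://auth.mydomain.com/realms/myrealm", "exp": 2000, "aud": "cert"})
    wrong = make_sample_token({"iss": "http://admin.mydomain.local:8888/realms/myrealm", "exp": 2000, "aud": ["account"]})
    for name, tok in (("ok", ok), ("wrong", wrong)):
        print(name, check_token(tok, CFG, now=1000) or "claims match keycloak.json")
```

An empty result only means the unverified claims line up with the config; it says nothing about whether the signature or the adapter installation is valid.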