Spring boot/security weird issue accessing root url

I have a spring boot / thymeleaf app using the keycloak and spring security starters, if I navigate to my app at a non root url e.g. http://localhost:8080/events then I’m redirected to the keycloak server and can register / login / logout etc all works fine. If I navigate in a new private browser window to http://localhost:8080 it doesn’t seem to see that as a protected URL and my app throws a 500 error. However if I’m already logged in then going to http://localhost:8080 works fine. My spring security config is as follows (extra keycloak beans aside):

protected void configure(HttpSecurity http) throws Exception {
        .antMatchers(HttpMethod.GET, "/css/**", "/js/**", "/favicon.ico", "/matcss", "/bulmacss").permitAll()

Can’t believe this is a bug must be some misconfiguration on my part. I’ve setup up all the URLs as Valid redirect URLs in the keycloak client but the root one isn’t being redirected to the keycloak server.
Any ideas?

Latest versions of spring boot / keycloak starter