nokia / kong-oidc

OIDC plugin for Kong
Apache License 2.0

Endless redirection loop with redirect_uri_path set #129

Open devent opened 4 years ago

devent commented 4 years ago

Hello. I'm trying out Kong and so far I have configured it with a service and a route.

Service: https://bar.foo.com/bar-spring-analysis-service/bar-spring-analysis-service/analysis
Route: /bar-spring-analysis-service/analysis

I added the kong-oidc plugin with Keycloak as the provider. The Kong proxy must be called at the URL: https://bar.foo.com/bar-spring-analysis-proxy/analysis

If I do not set redirect_uri_path then the following is happening:

  1. User opens https://bar.foo.com/bar-spring-analysis-proxy/analysis
  2. Kong redirects to Keycloak: https://sso.andrea.muellerpublic.de/auth/realms/public/protocol/openid-connect/auth?response_type=code&client_id=kong.foo.com&state=7d7d40f6cebc33abdf686c8ac87acab0&redirect_uri=https%3A%2F%2Fbar.foo.com%2Fbar-spring-analysis-service%2Fanalysis%2F&nonce=13fc8d1620832537e0981e846d10713e&scope=openid
  3. User login
  4. Redirects to https://bar.foo.com/bar-spring-analysis-service/analysis/?state=7d7d40f6cebc33abdf686c8ac87acab0&session_state=ca179523-e115-4861-8bce-65040e96dc48&code=ac8d6ab9-b003-4534-b939-6caa1bbf060e.ca179523-e115-4861-8bce-65040e96dc48.26f6ad04-df4d-42be-aaf4-b3e450e44378
  5. Tomcat shows a 404 page. That is the expected behavior from Tomcat because the service is at https://bar.foo.com/bar-spring-analysis-service/bar-spring-analysis-service/analysis/

Why does it redirect to the upstream URL?

Now I set redirect_uri_path to /bar-spring-analysis-proxy/analysis

  1. User opens https://bar.foo.com/bar-spring-analysis-proxy/analysis
  2. Kong redirects to Keycloak: https://sso.andrea.muellerpublic.de/auth/realms/public/protocol/openid-connect/auth?response_type=code&client_id=kong.foo.com&state=03d66c606ce07462ab499b914456f458&redirect_uri=https%3A%2F%2Fbar.foo.com%2Fbar-spring-analysis-proxy%2Fanalysis&nonce=e09990011701d31cedce486bbee0a006&scope=openid
  3. User login
  4. Redirect to https://bar.foo.com/bar-spring-analysis-proxy/analysis?state=03d66c606ce07462ab499b914456f458&session_state=e29293ed-7072-4192-a0dd-1631aa25d456&code=d3fcafa2-ca5e-4bed-8676-dc88f24f69b1.e29293ed-7072-4192-a0dd-1631aa25d456.26f6ad04-df4d-42be-aaf4-b3e450e44378
  5. Redirect to https://sso.andrea.muellerpublic.de/auth/realms/public/protocol/openid-connect/auth?response_type=code&client_id=kong.foo.com&state=9c205203623c48df7f62ed3be3e644f6&redirect_uri=https%3A%2F%2Fbar.foo.com%2Fbar-spring-analysis-proxy%2Fanalysis&nonce=e7b420662f15b0901e80f27888520273&scope=openid
  6. Redirect to https://bar.foo.com/bar-spring-analysis-proxy/analysis?state=xx&session_state=yy
  7. Repeats step 4.

The redirect in step 4 should be correct? kong-oidc should get the response from Keycloak and mark the user as authenticated.

Did I make some configuration mistake?
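The two traces above are instances of the same authorization-code exchange going wrong in different places: in the first, the `redirect_uri` sent to Keycloak names the upstream path rather than the path the browser actually reaches through the proxy; in the second, the callback carrying the `code` arrives at the right path but is immediately followed by a fresh authorization request, so the plugin never turns it into a session. The following script is an added diagnostic example, not code from kong-oidc or from the issue author: it walks a captured redirect chain, checks that every `redirect_uri` points at the externally reachable proxy callback, checks that the `state` returned by the provider matches the one sent (the CSRF binding of the flow), and flags a loop when a callback with a `code` is followed by another authorization request. The traces, hostname `sso.example.test`, and the short `state`/`code` values are constructed sample data modelled on the issue.

```python
"""Analyse an OIDC authorization-code redirect chain for two failure modes:
a redirect_uri that does not point at the proxy's externally reachable
callback, and a loop in which a callback carrying a code is followed by a
fresh authorization request instead of an authenticated session.
Added example; not part of kong-oidc."""
from urllib.parse import urlparse, parse_qs

# Externally reachable path on which the proxy must receive the callback
# (taken from the issue: the route that the browser actually hits).
EXTERNAL_CALLBACK = "https://bar.foo.com/bar-spring-analysis-proxy/analysis"
# Keycloak authorization endpoint path (realm name taken from the issue).
AUTH_ENDPOINT_PATH = "/auth/realms/public/protocol/openid-connect/auth"


def classify(url):
    """Return (kind, state, target) for one hop of the redirect chain.

    kind is 'auth_request' (browser sent to the provider), 'callback'
    (provider sent the browser back with a code) or 'other'.  parse_qs
    percent-decodes values, so redirect_uri comes back as a plain URL."""
    parsed = urlparse(url)
    query = parse_qs(parsed.query)
    if parsed.path == AUTH_ENDPOINT_PATH and "response_type" in query:
        return "auth_request", query["state"][0], query["redirect_uri"][0]
    if "code" in query and "state" in query:
        callback = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
        return "callback", query["state"][0], callback
    return "other", None, None


def analyse(trace, external_callback=EXTERNAL_CALLBACK):
    """Walk the hops in order and collect human-readable findings."""
    findings = []
    pending_state = None      # state of the outstanding authorization request
    callback_seen = False     # a code-bearing callback arrived since last request
    for step, url in enumerate(trace, 1):
        kind, state, target = classify(url)
        if kind == "auth_request":
            # Trailing slash is normalised; the issue's first trace differs
            # from the proxy path in more than that.
            if target.rstrip("/") != external_callback.rstrip("/"):
                findings.append(
                    f"step {step}: redirect_uri {target} is not the proxy "
                    f"callback {external_callback}")
            if callback_seen:
                findings.append(
                    f"step {step}: new authorization request right after a "
                    f"callback carrying a code: the callback was not consumed "
                    f"(redirect loop)")
            pending_state = state
            callback_seen = False
        elif kind == "callback":
            if state != pending_state:
                findings.append(
                    f"step {step}: returned state {state} does not match the "
                    f"outstanding request state {pending_state}")
            callback_seen = True
    return findings


# Constructed traces modelled on the issue (sample state/code values only).
PROXY = EXTERNAL_CALLBACK
AUTH = "https://sso.example.test" + AUTH_ENDPOINT_PATH

# First trace: redirect_uri_path unset, redirect_uri names the upstream path.
TRACE_UPSTREAM = [
    PROXY,
    AUTH + "?response_type=code&client_id=kong.foo.com&state=aaaa"
           "&redirect_uri=https%3A%2F%2Fbar.foo.com%2Fbar-spring-analysis-service"
           "%2Fanalysis%2F&nonce=n1&scope=openid",
    "https://bar.foo.com/bar-spring-analysis-service/analysis/"
    "?state=aaaa&session_state=s1&code=c1",
]

# Second trace: redirect_uri is right, but the callback triggers a new request.
TRACE_LOOP = [
    PROXY,
    AUTH + "?response_type=code&client_id=kong.foo.com&state=bbbb"
           "&redirect_uri=https%3A%2F%2Fbar.foo.com%2Fbar-spring-analysis-proxy"
           "%2Fanalysis&nonce=n2&scope=openid",
    PROXY + "?state=bbbb&session_state=s2&code=c2",
    AUTH + "?response_type=code&client_id=kong.foo.com&state=cccc"
           "&redirect_uri=https%3A%2F%2Fbar.foo.com%2Fbar-spring-analysis-proxy"
           "%2Fanalysis&nonce=n3&scope=openid",
    PROXY + "?state=cccc&session_state=s3&code=c3",
]

# Healthy exchange: one request, one matching callback, no further redirect.
TRACE_OK = TRACE_LOOP[:3]

if __name__ == "__main__":
    for name, trace in (("upstream", TRACE_UPSTREAM),
                        ("loop", TRACE_LOOP), ("ok", TRACE_OK)):
        print(name, analyse(trace) or ["no findings"])
```

Feed it the redirect chain from a browser's network log (or `curl -L -v` output) and it tells you which of the two problems you are looking at. A loop finding with correct `redirect_uri` and matching `state` means the callback reached the proxy but the plugin did not recognise it as its own callback or did not persist the resulting session, which is the situation to look into on the Kong side rather than at the provider.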