Whenever you’ve activated policy enforcement, e.g. in your keycloak.json via "policy-enforcer": {}, make sure your auth-server-url doesn’t end with a slash ‘/’. Otherwise, you will see very likely exceptions in the JBoss log like:
org.keycloak.authorization.client.util.HttpResponseException: Unexpected response from server: 404 / Not Found / Response from server: {"error":"RESTEASY003210:
Could not find resource for full path: http://localhost:8180/auth//realms/<<REALM-NAME>>/.well-known/uma2-configuration"}
Don’t : "auth-server-url": "http://localhost:8180/auth/"
Do: "auth-server-url": "http://localhost:8180/auth"