We have a JSF Application running on a tomcat 9 and we are using keycloak (v10.0.2) for login.

Because

My Pom.xml includes (we are using Java 8 and I couldn't get a newer pac4j version to compile)

   <dependency>
        <groupId>org.pac4j</groupId>
        <artifactId>j2e-pac4j</artifactId>
        <version>4.1.0</version>
    </dependency>
    <dependency>
        <groupId>org.pac4j</groupId>
        <artifactId>pac4j-oidc</artifactId>
        <version>3.9.0</version>
    </dependency>

CodePudding user response：

My problem was a keycloak misconfiguration in my keycloak test instance.

I had the "offline-access" Client Scope added to my Default Client Scopes.