The KeyCloak plugin should issue a redirect to the configured KeyCloak REALM if OAuth authentication is required but Authorization tokens are missing.

On initial access to published APIs, ApiMan only returns a 401, but there is no indication where the client can go to get an Authorization Token.

Subsequently, if the token has expired, the client should be redirected as well to negotiate a refresh, or re-authenticate.