Before reporting an issue

[x] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

oidc

Describe the bug

There is a 405 error code when calling the "certs" endpoint (e.g. http://localhost:8080/realms/master/protocol/openid-connect/certs) with HEAD http method on RHBK 26.

This issue wasn't happening on RHBK 22, as the endpoint was responding with 200 code.

Version

Any Keycloak since 24 or newer

Regression

[x] The issue is a regression

Expected behavior

There should be a successful response to the HEAD request to the "certs" endpoint. Method HEAD should behave in a same way as method GET . It should just omit to return a body.

Actual behavior

There is 405 error in response to the HEAD request to the certs endpoint (even if GET method works).

Some Keycloak endpoints are working with HEAD method (For example well-known endpoint http://localhost:8080/realms/master/.well-known/openid-configuration ). Some others are not. Some resteasy resource classes are broken, probably due the bug in quarkus resteasy-reactive .

How to Reproduce?

• Start Keycloak server

• Run this request
  curl -vk http://localhost:8080/realms/master/protocol/openid-connect/certs -I --http1.1

• It works without parameter -I (which means calling regular GET instead of HEAD)

Anything else?

The issue happens since Keycloak 24 when resteasy-reactive was introduced.

It is caused by quarkus resteasy reactive bug: https://github.com/quarkusio/quarkus/issues/49172