diff --git a/playbooks/roles/keycloak/templates/docker-compose.yaml.j2 b/playbooks/roles/keycloak/templates/docker-compose.yaml.j2
index d4ea7c5610..303c5d9468 100644
--- a/playbooks/roles/keycloak/templates/docker-compose.yaml.j2
+++ b/playbooks/roles/keycloak/templates/docker-compose.yaml.j2
@@ -4,18 +4,17 @@ version: '2'
 
 services:
   keycloak:
-    image: quay.io/keycloak/keycloak:19.0
+    image: quay.io/keycloak/keycloak:legacy
     network_mode: host
     restart: always
     environment:
-      KEYCLOAK_ADMIN: admin
-      KEYCLOAK_ADMIN_PASSWORD: "{{ keycloak_admin_password }}"
+      - KEYCLOAK_USER=admin
+      - KEYCLOAK_PASSWORD="{{ keycloak_admin_password }}"
+      - DB_VENDOR=h2
+      - PROXY_ADDRESS_FORWARDING=true
     command:
-      - 'start'
-      - '--hostname-strict=false'
-      - '--http-enabled=true'
-      - '--http-host=127.0.0.1'
-      - '--proxy=edge'
+      -Djboss.bind.address.private=127.0.0.1
+      -Djboss.bind.address=127.0.0.1
     volumes:
       - /var/keycloak/data:/opt/jboss/keycloak/standalone/data
       - /var/log/keycloak:/opt/jboss/keycloak/standalone/log
diff --git a/testinfra/test_keycloak.py b/testinfra/test_keycloak.py
index 8e272cd542..7e63228084 100644
--- a/testinfra/test_keycloak.py
+++ b/testinfra/test_keycloak.py
@@ -29,9 +29,9 @@ def test_keycloak_openid_config(host):
     # the proxy headers and is not hard-coded configuration.
     cmd = host.run('curl --insecure '
                    '--resolve keycloak.opendev.org:443:127.0.0.1 '
-                   'https://keycloak.opendev.org/realms/master'
+                   'https://keycloak.opendev.org/auth/realms/master'
                    '/.well-known/openid-configuration')
-    assert ('"issuer":"https://keycloak.opendev.org/realms/master"'
+    assert ('"issuer":"https://keycloak.opendev.org/auth/realms/master"'
             in cmd.stdout)
 
 def test_keycloak_admin_api(host):
@@ -47,7 +47,7 @@ def test_keycloak_admin_api(host):
                    '-d "grant_type=password" '
                    '-d "client_id=admin-cli" '
                    'https://keycloak.opendev.org'
-                   '/realms/master/protocol/openid-connect/token')
+                   '/auth/realms/master/protocol/openid-connect/token')
     token = json.loads(cmd.stdout)
     assert token["token_type"] == "Bearer"
     cmd = host.run('curl --insecure '
@@ -55,5 +55,6 @@ def test_keycloak_admin_api(host):
                    '-H "Authorization: Bearer %s" '
                    '-H "Content-Type: application/json" '
                    'https://keycloak.opendev.org'
-                   '/admin/realms/master/users/count' % token["access_token"])
+                   '/auth/admin/realms/master/users/count'
+                   % token["access_token"])
     assert cmd.stdout == "1"