diff --git a/group_vars/all b/group_vars/all
index fe669388..18c9983b 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -217,10 +217,10 @@ akaunting_company_email: "{{administrator_email}}"
 akaunting_setup_admin_email: "{{administrator_email}}"
 
 #### Attendize
-attendize_version: "latest"
+attendize_version: "latest"
 
 #### Baserow
-baserow_version: "latest"
+baserow_version: "latest"
 
 #### Big Blue Button
 bigbluebutton_enable_greenlight: "true"
@@ -244,7 +244,14 @@ joomla_version: "latest"
 #### Keycloak
 keycloak_version: "latest"
 keycloak_administrator_username: "{{administrator_username}}" # Administrator Username for Keycloak
-keycloak_oidc_active: true # Implement OpenID Connect https://en.wikipedia.org/wiki/OpenID_Connect
+
+##### Keycloak Client Configuration
+oidc_client_active: true # Implement OpenID Connect https://en.wikipedia.org/wiki/OpenID_Connect
+oidc_client_id: "{{primary_domain}}"
+oidc_client_realm: "{{primary_domain}}"
+oidc_client_issuer_url: "https://{{domain_keycloak}}/realms/{{oidc_client_realm}}"
+oidc_client_discovery_document: "{{oidc_client_issuer_url}}/.well-known/openid-configuration"
+# oidc_client_secret: "{{oidc_client_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible
 
 #### LDAP
 ldap_lam_version: "latest"
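Review bot: The commented-out default `# oidc_client_secret: "{{oidc_client_secret}}"` at the end of the new Keycloak client block is self-referential, so uncommenting it would produce a recursive-definition error rather than a usable value; the next hunk's `#oauth2_proxy_cookie_secret: "{{oauth2_proxy_cookie_secret}}"` has the same shape. All three templates in this commit (env.j2, discourse_application.yml.j2, oauth2-proxy-keycloak.cfg.j2) now read `oidc_client_secret`, and this comment is its only appearance in group_vars, so the value has to be supplied from inventory or a vault file, which the comment should state instead of the copied "wildcard" text, e.g. `# oidc_client_secret: no default on purpose; supply it from a vaulted inventory variable`. The removed `oauth2_proxy_client_secret` line at least named a concrete source (`primary_oauth2_proxy_client_secret`), and the replacement comment should do the same for its successor. Keeping the secret undefined by default is the right choice as long as a missing value aborts the run rather than rendering an empty secret into the templates.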
@@ -304,17 +311,14 @@ oauth2_proxy_redirect_url: "https://{{domain_keycloak}}/auth/
 # oauth2_proxy_port: >= 4180 # This ports should be defined in the roles. They are for the local mapping on the host and need to be defined in the playbook for transparancy.
 oauth2_proxy_upstream_application_and_port: "application:80" # The name of the application which the server redirects to. Needs to be defined in role vars.
 oauth2_proxy_allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
-oauth2_proxy_client_id: "{{primary_domain}}" # The id of the client application
-oauth2_proxy_client_secret: "{{primary_oauth2_proxy_client_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible
-oauth2_proxy_cookie_secret: "{{primary_oauth2_proxy_cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
-oauth2_proxy_oidc_issuer_url: "https://{{domain_keycloak}}/realms/{{primary_domain}}"
+#oauth2_proxy_cookie_secret: "{{oauth2_proxy_cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
 
 #### Peertube
-peertube_version: "bookworm"
+peertube_version: "bookworm"
 
 #### PHPMyAdmin
-phpmyadmin_version: "latest"
-phpmyadmin_autologin: false # This is a high security risk. Just activate this option if you know what you're doing
+phpmyadmin_version: "latest"
+phpmyadmin_autologin: false # This is a high security risk. Just activate this option if you know what you're doing
 
 #### Pixelfed
 pixelfed_app_name: "Pictures on {{primary_domain}}"
diff --git a/roles/docker-bigbluebutton/templates/env.j2 b/roles/docker-bigbluebutton/templates/env.j2
index 5c57a622..9df8ae3e 100644
--- a/roles/docker-bigbluebutton/templates/env.j2
+++ b/roles/docker-bigbluebutton/templates/env.j2
@@ -281,12 +281,12 @@ HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
 # approval - For approve/decline registration
 DEFAULT_REGISTRATION=invite
 
-{% if keycloak_oidc_active | bool %}
+{% if oidc_client_active | bool %}
 ### EXTERNAL AUTHENTICATION METHODS
 # @See https://docs.bigbluebutton.org/greenlight/v3/external-authentication/
 #
-OPENID_CONNECT_CLIENT_ID={{oauth2_proxy_client_id}}
-OPENID_CONNECT_CLIENT_SECRET={{oauth2_proxy_client_secret}}
-OPENID_CONNECT_ISSUER={{oauth2_proxy_oidc_issuer_url}}
+OPENID_CONNECT_CLIENT_ID={{oidc_client_id}}
+OPENID_CONNECT_CLIENT_SECRET={{oidc_client_secret}}
+OPENID_CONNECT_ISSUER={{oidc_client_issuer_url}}
 OPENID_CONNECT_REDIRECT=https://{{domain}}
 {% endif %}
\ No newline at end of file
diff --git a/roles/docker-discourse/templates/discourse_application.yml.j2 b/roles/docker-discourse/templates/discourse_application.yml.j2
index 7394902e..c077fc22 100644
--- a/roles/docker-discourse/templates/discourse_application.yml.j2
+++ b/roles/docker-discourse/templates/discourse_application.yml.j2
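Review bot: `OPENID_CONNECT_CLIENT_SECRET={{oidc_client_secret}}` now depends on a variable whose only definition in this commit is a commented-out line in group_vars/all, so whether a missing secret aborts the play or silently renders an empty `OPENID_CONNECT_CLIENT_SECRET=` depends on the controller's undefined-variable setting. Making the requirement explicit in the template, `OPENID_CONNECT_CLIENT_SECRET={{ oidc_client_secret | mandatory }}`, fails the render regardless of that setting. The rendered file holds the client secret in clear text; the template task is outside this hunk, but it should write the file with owner-only permissions (`mode: "0600"`), and the header comment could note that this block is only emitted when `oidc_client_active` is true. The file still ends without a trailing newline, which the commit leaves as it was.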
@@ -112,6 +112,15 @@ run:
 ## If you want to set the 'From' email address for your first registration, uncomment and change:
 ## After getting the first signup email, re-comment the line. It only needs to run once.
 #- exec: rails r "SiteSetting.notification_email='info@unconfigured.discourse.org'"
+{% if oidc_client_active | bool %}
+ - exec: rails r "SiteSetting.openid_connect_enabled = true"
+ - exec: rails r "SiteSetting.openid_connect_discovery_document = '{{oidc_client_discovery_document}}'"
+ - exec: rails r "SiteSetting.openid_connect_client_id = '{{oidc_client_id}}'"
+ - exec: rails r "SiteSetting.openid_connect_client_secret = '{{oidc_client_secret}}'"
+ - exec: rails r "SiteSetting.openid_connect_rp_initiated_logout_redirect = ''"
+ - exec: rails r "SiteSetting.openid_connect_allow_association_change = false"
+ - exec: rails r "SiteSetting.openid_connect_rp_initiated_logout = true"
+{% endif %}
 - exec: echo "End of custom commands"
 
 docker_args:
diff --git a/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2 b/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
index 0f02fa76..4ada55e6 100644
--- a/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
+++ b/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
@@ -7,10 +7,10 @@ cookie_domains = ["{{domain}}", "{{domain_keycloak}}"]
 whitelist_domains = [".{{primary_domain}}"] # Required to allow redirection back to original requested target.
 
 # keycloak provider
-client_secret = "{{oauth2_proxy_client_secret}}"
-client_id = "{{oauth2_proxy_client_id}}"
+client_secret = "{{oidc_client_secret}}"
+client_id = "{{oidc_client_id}}"
 redirect_url = "https://{{domain}}/oauth2/callback"
-oidc_issuer_url = "{{oauth2_proxy_oidc_issuer_url}}"
+oidc_issuer_url = "{{oidc_client_issuer_url}}"
 provider = "oidc"
 provider_display_name = "Keycloak"
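Review bot: The added `exec: rails r "SiteSetting.openid_connect_client_secret = '{{oidc_client_secret}}'"` embeds the secret in a single-quoted Ruby literal inside a double-quoted YAML string, so a secret containing `'`, `"` or `\` breaks either the YAML document or the Ruby expression at rebuild time; the value should be escaped when rendered, or the secret generated from an alphabet that excludes those characters, and the same applies to `oidc_client_id` and `oidc_client_discovery_document` on the neighbouring lines. These `exec` lines run on every rebuild, so any change an administrator makes to the OpenID Connect settings in the Discourse admin UI is reverted on the next rebuild, which deserves a comment above the `{% if %}`, e.g. `# OIDC settings are reapplied on every rebuild; change them here, not in the admin UI`. Passing the secret as a `rails r` argument also exposes it in the container's process list while the command runs and likely in the bootstrap output; the existing commented `notification_email` example has the same shape, so this follows the file's convention, but the trade-off should be documented next to the block. The `run:` list this block belongs to starts outside the hunk.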