diff --git a/roles/web-app-keycloak/tasks/main.yml b/roles/web-app-keycloak/tasks/main.yml
index 357de156..474f919f 100644
--- a/roles/web-app-keycloak/tasks/main.yml
+++ b/roles/web-app-keycloak/tasks/main.yml
@@ -47,7 +47,27 @@
           | list | first
       }}
     kc_force_attrs:
-      frontchannelLogout: true
+      publicClient: >-
+        {{
+          (KEYCLOAK_DICTIONARY_REALM.clients
+            | selectattr('clientId','equalto', KEYCLOAK_CLIENT_ID)
+            | map(attribute='publicClient')
+            | first)
+        }}
+      serviceAccountsEnabled: >-
+        {{
+          (KEYCLOAK_DICTIONARY_REALM.clients
+            | selectattr('clientId','equalto', KEYCLOAK_CLIENT_ID)
+            | map(attribute='serviceAccountsEnabled')
+            | first )
+        }}
+      frontchannelLogout:  >-
+        {{
+          (KEYCLOAK_DICTIONARY_REALM.clients
+            | selectattr('clientId','equalto', KEYCLOAK_CLIENT_ID)
+            | map(attribute='frontchannelLogout')
+            | first)
+        }}
       attributes: >-
         {{
           ( (KEYCLOAK_DICTIONARY_REALM.clients
diff --git a/roles/web-app-keycloak/templates/import/clients/default.json.j2 b/roles/web-app-keycloak/templates/import/clients/default.json.j2
index b806d4a1..5a539a8a 100644
--- a/roles/web-app-keycloak/templates/import/clients/default.json.j2
+++ b/roles/web-app-keycloak/templates/import/clients/default.json.j2
@@ -19,7 +19,7 @@
   "implicitFlowEnabled": true,
   "directAccessGrantsEnabled": true,
   "serviceAccountsEnabled": true,
-  "publicClient": false,
+  "publicClient": true,
   "frontchannelLogout": true,
   "protocol": "openid-connect",
   "attributes": {