OCIS behind HAProxy with Keycloak/Authentik

Hello everyone,

I am currently using a pfSense firewall with HAProxy. All externally available services are configured behind HAProxy.
My goal is to configure OCIS behind HAProxy with 2FA. For 2FA I tried Keycloak and Authentik. I had problems with both setups with “OIDC Callback” getting a 401 error. Seems like a problem with HAProxy and “Forward auth”?

Has anyone faced similar problems or are there any recommendations on how to configure OCIS behind a reverse proxy with 2FA?