Fix keycloak_context default from /auth to empty string

The /auth context path was used by legacy WildFly-based Keycloak but
is no longer needed for Quarkus-based Keycloak (17+) or RHBK. The
current default of /auth forces users to explicitly pass an empty
keycloak_context to avoid broken API URLs.

This changes the default to an empty string, updates argument_specs
and README documentation, and removes the now-unnecessary
keycloak_context: '' overrides from all molecule converge files.

Users on legacy WildFly-based Keycloak can still set
keycloak_context: /auth explicitly.

Made-with: Cursor

molecule/debian/converge.yml

@@ -13,7 +13,6 @@
     - role: keycloak_quarkus
     - role: keycloak_realm
       keycloak_url: "{{ keycloak_quarkus_hostname }}"
-      keycloak_context: ''
       keycloak_admin_user: "{{ keycloak_quarkus_bootstrap_admin_user }}"
       keycloak_admin_password: "{{ keycloak_quarkus_bootstrap_admin_password }}"
       keycloak_client_users:

molecule/default/converge.yml

@@ -18,7 +18,6 @@
     - role: keycloak_quarkus
     - role: keycloak_realm
       keycloak_url: "{{ keycloak_quarkus_hostname }}"
-      keycloak_context: ''
       keycloak_admin_user: "{{ keycloak_quarkus_bootstrap_admin_user }}"
       keycloak_admin_password: "{{ keycloak_quarkus_bootstrap_admin_password }}"
       keycloak_client_users:

molecule/quarkus/converge.yml

@@ -61,7 +61,6 @@
     - role: keycloak_quarkus
     - role: keycloak_realm
       keycloak_url: http://instance:8080
-      keycloak_context: ''
       keycloak_admin_user: "{{ keycloak_quarkus_bootstrap_admin_user }}"
       keycloak_admin_password: "{{ keycloak_quarkus_bootstrap_admin_password }}"
       keycloak_client_default_roles:

molecule/quarkus_devmode/converge.yml

@@ -17,7 +17,6 @@
     - role: keycloak_quarkus
     - role: keycloak_realm
       keycloak_url: "{{ keycloak_quarkus_hostname }}"
-      keycloak_context: ''
       keycloak_admin_user: "{{ keycloak_quarkus_bootstrap_admin_user }}"
       keycloak_admin_password: "{{ keycloak_quarkus_bootstrap_admin_password }}"
       keycloak_client_default_roles:

roles/keycloak_realm/README.md

@@ -12,7 +12,7 @@ Role Defaults
 |:---------|:------------|:--------|
 |`keycloak_admin_user`| Administration console user account | `admin` |
 |`keycloak_host`| hostname | `localhost` |
-|`keycloak_context`| Context path for rest calls | `/auth` |
+|`keycloak_context`| Context path for rest calls (set to `/auth` for legacy WildFly-based Keycloak) | `` |
 |`keycloak_http_port`| HTTP port | `8080` |
 |`keycloak_https_port`| TLS HTTP port | `8443` |
 |`keycloak_auth_realm`| Name of the main authentication realm | `master` |

roles/keycloak_realm/defaults/main.yml

@@ -9,7 +9,7 @@ keycloak_management_http_port: 9990
 keycloak_admin_user: admin
 keycloak_auth_realm: master
 keycloak_auth_client: admin-cli
-keycloak_context: /auth
+keycloak_context: ''
 
 # administrator console password, this is a required variable
 keycloak_admin_password: ''

roles/keycloak_realm/meta/argument_specs.yml

@@ -8,8 +8,8 @@ argument_specs:
                 type: "str"
             keycloak_context:
                 # line 5 of keycloak_realm/defaults/main.yml
-                default: "/auth"
-                description: "Context path for rest calls"
+                default: ""
+                description: "Context path for rest calls (was /auth for legacy WildFly-based Keycloak, empty for Quarkus-based Keycloak/RHBK)"
                 type: "str"
             keycloak_http_port:
                 # line 4 of keycloak_realm/defaults/main.yml