So I changed the proxy_pass from http://guacamole/guacamole/ to
http://guacamole/ and re-ran the tests after updating the redirect URL in
guacamole.properties and keycloak.
Here are the logs from tomcat (on pastebin): https://pastebin.com/cqAsvK5s
Based on the logs, it appears to be trying to authenticate against JDBC
(Postgres) anonymously. I am not sure why this is happening, since I changed
the name of the auth extension so that it loads first. Note that I do have
users in postgres, would this make a difference?