Need some help here

Upon my understanding kong allows us to centralize all the common services (like authentication) for all our microservices, right ?

Now let’s see my situation : suppose that my kong is exposed on mysite:8000, I’m trying to secure my services with keycloak, I expose kong and use it to redirect to all my services that aren’t exposed externally, to make sure that all requests pass by kong … whenever an unauthenticated user send a request to kong, he will be redirected to the keycloak authentication page, now that the problem is that, keycloak isn’t exposed, and what happens is that, when I will open mysite:8000/my-service, I get redirect to mysite:8000/auth/ (keycloak’s authentication page) which doesn’t exists on keycloak, but exists actually on another port (8080 for example), so… am I doing something wrong ?

Another thing I noticed is when I redirect to another website from my kong api, sometimes the css, scripts and links stop working (because, I guess, the browser is searching them on the kong route…) , is this something normal ?