diff --git a/frappe/integrations/doctype/social_login_key/social_login_key.py b/frappe/integrations/doctype/social_login_key/social_login_key.py
index 6f65c2c642..231fe71d8e 100644
--- a/frappe/integrations/doctype/social_login_key/social_login_key.py
+++ b/frappe/integrations/doctype/social_login_key/social_login_key.py
@@ -88,8 +88,6 @@ class SocialLoginKey(Document):
 			frappe.throw(
 				_("Please enter Client Secret before social login is enabled"), exc=ClientSecretNotSetError
 			)
-		if self.social_login_provider == "Keycloak":
-			self.api_endpoint = self.base_url + "/protocol/openid-connect/userinfo"
 
 	def set_icon(self):
 		icon_map = {
@@ -219,10 +217,9 @@ class SocialLoginKey(Document):
 		providers["Keycloak"] = {
 			"provider_name": "Keycloak",
 			"enable_social_login": 1,
-			"base_url": "realms/master",
 			"custom_base_url": 1,
 			"redirect_url": "/api/method/frappe.integrations.oauth2_logins.login_via_keycloak/keycloak",
-			"api_endpoint": "realms/masterl/protocol/openid-connect/userinfo",
+			"api_endpoint": "/protocol/openid-connect/userinfo",
 			"api_endpoint_args": None,
 			"authorize_url": "/protocol/openid-connect/auth",
 			"access_token_url": "/protocol/openid-connect/token",
diff --git a/frappe/utils/oauth.py b/frappe/utils/oauth.py
index 002ebabcf0..28de03e785 100644
--- a/frappe/utils/oauth.py
+++ b/frappe/utils/oauth.py
@@ -28,6 +28,11 @@ def get_oauth2_providers() -> dict[str, dict]:
 		if provider.custom_base_url:
 			authorize_url = provider.base_url + provider.authorize_url
 			access_token_url = provider.base_url + provider.access_token_url
+
+		# Keycloak needs this, the base URL also has a route, that urljoin() ignores
+		if provider.name == "keycloak":
+			provider.api_endpoint = provider.base_url + provider.api_endpoint
+
 		out[provider.name] = {
 			"flow_params": {
 				"name": provider.name,