diff --git a/docs/configuring-playbook-nginx.md b/docs/configuring-playbook-nginx.md
index e0b4911ef..8fd9f6664 100644
--- a/docs/configuring-playbook-nginx.md
+++ b/docs/configuring-playbook-nginx.md
@@ -23,3 +23,12 @@ matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses:
 - 8.8.8.8
 - 1.1.1.1
 ```
+
+## Using Keycloak OIDC SSO
+
+If you want to use Keycloak OpenId Connect as SSO provider - see [synapse doc](https://github.com/matrix-org/synapse/blob/develop/docs/openid.md) - , you need to enable following variable to instruc nginx to proceed location /_synapse/oidc/callback
+
+```yaml
+matrix_nginx_proxy_proxy_matrix_synapse_oidc_provider_keycloak: true
+```
+
diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml
index 6d9ff33bd..9b2f469b3 100644
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -273,3 +273,6 @@ matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
 # nginx status page configurations.
 matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: false
 matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}']
+
+# nginx configuration for synapse auth via openidconnect with keycloak
+matrix_nginx_proxy_proxy_matrix_synapse_oidc_provider_keycloak: false
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2
index adbee18e6..24ecdb7c4 100644
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2
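Review bot: The new default `matrix_nginx_proxy_proxy_matrix_synapse_oidc_provider_keycloak` is named after one identity provider, but what it switches on (in the matrix-synapse.conf.j2 hunk of this commit) is a `location /_synapse/oidc/callback` block, and per the Synapse openid.md the commit links, that callback path is the same for every OIDC provider. A provider-neutral name (for example something like `matrix_nginx_proxy_proxy_synapse_oidc_callback_enabled`, a proposed name only) would stop users of other OIDC providers from assuming the switch does not apply to them; if the name is kept, the comment above it should at least state what it does, e.g. `# Whether nginx proxies /_synapse/oidc/callback to Synapse (required for OIDC SSO, e.g. with Keycloak)`. The same provider-specific framing is repeated in the docs section this commit adds.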
@@ -67,6 +67,28 @@
 }
 {% endif %}
+ {% if matrix_nginx_proxy_proxy_matrix_synapse_oidc_provider_keycloak %}
+ location /_synapse/oidc/callback {
+ {% if matrix_nginx_proxy_enabled %}
+ {# Use the embedded DNS resolver in Docker containers to discover the service #}
+ resolver 127.0.0.11 valid=5s;
+ set $backend "{{ matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container }}";
+ proxy_pass http://$backend;
+ {% else %}
+ {# Generic configuration for use outside of our container setup #}
+ proxy_pass http://{{ matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container }};
+ {% endif %}
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+
+ client_body_buffer_size 25M;
+ client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M;
+ proxy_max_temp_file_size 0;
+ }
+ {% endif %}
+
+
 {% if matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled %}
 location ^~ /_matrix/client/r0/user_directory/search {
 {% if matrix_nginx_proxy_enabled %}
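Review bot: The `client_body_buffer_size 25M;`, `client_max_body_size {{ ... }}M;` and `proxy_max_temp_file_size 0;` lines in the new `location /_synapse/oidc/callback` block look copied from the client-API location that handles uploads; the OIDC callback is the browser's redirect back from the identity provider rather than an upload endpoint, so the three body-sizing directives serve no purpose here and can be dropped. The new location also uses a plain prefix match, whereas the sibling `location ^~ /_matrix/client/r0/user_directory/search` visible at the end of the hunk uses `^~`; whether a regex location elsewhere in this template could take precedence over `/_synapse/oidc/callback` cannot be seen from the hunk, but writing it as `location ^~ /_synapse/oidc/callback {` would match the file's existing convention and remove the question. The enclosing `server` block starts and ends outside the hunk.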