Context
• IdP: Keycloak (Netty technology) behind AWS CloudFront
• Objective: Use agentless Real User Monitoring with JavaScript tag (Dynatrace CDN)
• Desired beacon endpoint (agentless): Dynatrace SaaS/Cluster (…bf.dynatrace.com/bf)

What we've already done
• We inserted the CDN snippet (…_complete.js) in the <head> of the realm's login theme.
• Network: Confirmed no blocking for https://js-cdn.dynatrace.com.
• Manual test (Console): By injecting _complete.js from the CDN, the session appears in Dynatrace (beacon for /bf OK). Sometimes, the js returns a 404 when manually injected through the Dev Tools console. Symptoms Observed
• On login screens, the CDN snippet isn't rendered in the HTML (DevTools doesn't display the js tag).

Important — OneAgent Auto-Injection
The agentless option was chosen because automatic injection wasn't working.
In other words, neither agentless mode is rendering the tag in the login HTML, nor was auto-injection able to serve ruxitagentjs.

Questions
In Keycloak (Netty), are there specific recommendations on where to include the tag in the login theme?
Any specific tips or checklists for Keycloak + Netty + RUM agentless would be greatly appreciated. Thank you!