diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 0d6f084a318470c21b3adac719565a73ad79216a..9b5c2cc288e2b5011df9cf44d0bb5e926d2f092d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -90,6 +90,7 @@ tests:
     NOMAD_RABBITMQ_HOST: rabbitmq
     NOMAD_ELASTIC_HOST: elastic
     NOMAD_MONGO_HOST: mongo
+    NOMAD_KEYCLOAK_CLIENT_SECRET: ${CI_KEYCLOAK_TEST_CLIENT_SECRET}
   script:
     - cd /app
     - python -m pytest --cov=nomad -sv tests
diff --git a/nomad/config.py b/nomad/config.py
index 2b6ebe8d065384633b61986e51d8c3660271577f..dd5d8dc99bd9c14c3f397cbb3b53dbb51716ff6f 100644
--- a/nomad/config.py
+++ b/nomad/config.py
@@ -111,14 +111,16 @@ elastic = NomadConfig(
     index_name='nomad_fairdi_calcs'
 )
 
+keycloak_base_url = 'https://labdev-nomad.esc.rzg.mpg.de/fairdi/keycloak/auth/'
+
 keycloak = NomadConfig(
-    server_url='http://localhost:8002/auth/',
-    issuer_url='http://localhost:8002/auth/realms/fairdi_nomad_test',
+    server_url=keycloak_base_url,
+    issuer_url=keycloak_base_url + 'realms/fairdi_nomad_test',
     realm_name='fairdi_nomad_test',
     username='admin',
     password='password',
     client_id='nomad_api_dev',
-    client_secret_key='ae9bb323-3793-4243-9e4b-f380c54e54e2'
+    client_secret='**********'
 )
 
 mongo = NomadConfig(
diff --git a/nomad/infrastructure.py b/nomad/infrastructure.py
index 0c26c666b277664e4719b528ca196d1019b25a28..a68a6861aeb63088ff2349b030fc993233ea406d 100644
--- a/nomad/infrastructure.py
+++ b/nomad/infrastructure.py
@@ -27,6 +27,7 @@ from mongoengine import connect
 import smtplib
 from email.mime.text import MIMEText
 from keycloak import KeycloakOpenID, KeycloakAdmin
+from keycloak.exceptions import KeycloakAuthenticationError
 import json
 import jwt
 from flask import g, request
@@ -119,7 +120,7 @@ class Keycloak():
                 server_url=config.keycloak.server_url,
                 client_id=config.keycloak.client_id,
                 realm_name=config.keycloak.realm_name,
-                client_secret_key=config.keycloak.client_secret_key)
+                client_secret_key=config.keycloak.client_secret)
 
         return self.__oidc_client
 
@@ -162,8 +163,10 @@ class Keycloak():
                 username, password = basicauth.decode(auth)
                 token_info = self._oidc_client.token(username=username, password=password)
                 g.oidc_access_token = token_info['access_token']
+            except KeycloakAuthenticationError:
+                return 'Could not authenticate, wrong credentials'
             except Exception as e:
-                # TODO logging
+                logger.error('Could not authenticate Basic auth', exc_info=e)
                 return 'Could not authenticate Basic auth: %s' % str(e)
 
         if g.oidc_access_token is not None: