Hi there!
Wow that’s pretty nice that it’s finally working now! 
Last time I looked into it, the certificate chain broke everything.
Just to make this doesn’t break the next time when you run foreman-installer, you need to call the httpd config file in a specific way: i.e. foreman-openidc_oidc_keycloak_Foreman_Realm.conf (Keycloak OIDC Prerequisites)
If you don’t do that, foreman-installer will delete that file on the next run again.
+ the foreman-installer --foreman-keycloak true --foreman-keycloak-app-name "foreman-openidc" --foreman-keycloak-realm "*Foreman_Realm*" command might be necessary to be run to make it stick 
Glad you could make it work, will have to test that soon