This has been fixed, the culprit was related to the use of multiple pods within Keycloak and the fact the pod handling the original Authorization Flow request (for the client to effectively receive an access token) was not the one effectively responding back to the POST of the application itself. I was confident using the haproxy.router.openshift.io/balance source annotation would have fixed it (see [1]) but that wasn't the case, will look in the future how to handle this properly and / or consult internally.
[1] https://docs.openshift.com/container-platform/3.6/architecture/networking/routes.html#load-balancing