diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml
index 269ed2e..be2d358 100644
--- a/ccp/docker-compose.yml
+++ b/ccp/docker-compose.yml
@@ -81,7 +81,7 @@ services:
       --provider-display-name="VerbIS Login"
       --client-id="${KEYCLOAK_PRIVATE_CLIENT_ID}"
       --client-secret="${OIDC_CLIENT_SECRET}"
-      --redirect-url="https://${HOST}/oauth2/callback"
+      --redirect-url="https://${HOST}${OAUTH2_CALLBACK}"
       --oidc-issuer-url="${KEYCLOAK_ISSUER_URL}"
       --scope="openid email profile"
       --code-challenge-method="S256"
diff --git a/ccp/modules/mtba-setup.sh b/ccp/modules/mtba-setup.sh
index 53b4ce0..cdf0f31 100644
--- a/ccp/modules/mtba-setup.sh
+++ b/ccp/modules/mtba-setup.sh
@@ -8,5 +8,6 @@ function mtbaSetup() {
       exit 1;
     fi
     OVERRIDE+=" -f ./$PROJECT/modules/mtba-compose.yml"
+    add_private_oidc_redirect_url "/mtba/*"
   fi
 }
diff --git a/ccp/vars b/ccp/vars
index 62a8df3..94b79f0 100644
--- a/ccp/vars
+++ b/ccp/vars
@@ -22,6 +22,9 @@ KEYCLOAK_REALM="${KEYCLOAK_REALM:-test-realm-01}"
 KEYCLOAK_URL="https://login.verbis.dkfz.de"
 KEYCLOAK_ISSUER_URL="${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}"
 KEYCLOAK_GROUP_CLAIM="groups"
+OAUTH2_CALLBACK=/oauth2/callback
+
+add_private_oidc_redirect_url "${OAUTH2_CALLBACK}"
 POSTGRES_TAG=15.6-alpine
 
 for module in $PROJECT/modules/*.sh