From my understanding, OpenID is sort of a generic “Login with [Google/Facebook/Apple/whatever]” system where users can choose/create their own authentication provider. So, when a user wants to login using OpenID, they need to specify which provider they want to use by providing its “OpenID URI”.
This is not a security issue, unless you want to restrict users to logging in only by Keycloak. You can do this by specifying WHITELISTED_URIS in config.ini, or you can disable OpenID entirely by deleting the [openid] block in config.ini. See the config cheat sheet for more info.