Before reporting an issue

• I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

docs

Describe the bug

If https passthrough is configured, http is disabled, and dynamic back channel is enabled, the certificate presented by the keycloak server will not match the hostname.

Version

all

Regression

• The issue is a regression

Expected behavior

The docs should highlight this scenario. We could emit a configuration warning if we're willing to assume that that not using proxy-headers means a passthrough setup.

Actual behavior

This situation is unclear.

How to Reproduce?

N/A

Anything else?

No response