Description

When running Keycloak behind a loadbalancer / reverse proxy, Keycloak needs to know the hostname and schema of the loadbalancer for users to be able to log in for all the redirects.

A lot of example explain how to set the hostname. Users then fail to log in as the loadbalancer is https, and Keycloak is running without https (which is shouldn't for security reasons). All they see is a blank screen, and only the browser console reveals some details.

It would be good to have a self-check as part of Keycloak's welcome screen which would check that the hostname and schema of the welcome screen match the settings in Keycloak. If they don't match, a descriptive error message should be shown, and logging in to the admin console should be disabled.

Discussion

No response

Motivation

Make it simpler for users to spot mis-configurations.

Details

No response