Hello Colleagues,

I started evaluating Keycloak 17.0.0 two days ago because I wanted to check out the new Quarkus way. I am currently using the following configuration:

https-certificate-file=${kc.home.dir}/conf/keycloak.ssl.crt
https-certificate-key-file=${kc.home.dir}/conf/keycloak.ssl.key
# hostname-admin=keycloak-admin.some.internal.dns.entry

# did not seem to get used?
# http-relative-path=/auth

hostname=my.external.domain
proxy=edge
# still unsure how this is used.
hostname-path=auth

I could create the initial credentials signing into http://127.0.0.1:8080. When I then tried to follow the link to the admin interface I got redirected to https://my.external.domain/admin/. The result was 403 Forbidden. When I try accessing Keycloak via https://my.external.domain` I can very well see the initial Keycloak welcome page. On that page the link Administration Console also points to the admin URL I wrote above.

1. Why does the welcome page work, but the admin page fails? Do I miss a crucial configuration property?
2. As you can guess I also tried using a dedicated hostname-admin. This is an internal URL so I would need to use it including the port. But when accessing it I get redirected to the a URL without any port. I do not want to also run an internal reverse proxy just to resolve this issue.

I hope you can give me some guidance about what I am doing wrong.