Because there’s no reason to render a welcome page in a production environment, we don’t want KeyCloak to render the welcome page at /auth. We’d like it to return a 404 instead. Is this possible?
I am also facing the same problem.
Did you get any answer to this?
I dont know if there is a better solution.
But my suggestion would be to create a custom welcome theme that will give out this error.
Do you use a reverse proxy in front of Keycloak?
If yes, you could configure it to prevent access to /auth, except for some well-known endpoints like
^/auth/realms/(.*)/login-actions. You could even control access based on the source IP, e.g. to allow access from the local host or a whitelist of adresses only.
Did you find any solution to this?
You can use a custom cli script. Take a look at this:
Create a file called disable_welcome.cli containing:
This is how to instruct keycloak docker container to run the script at startup keycloak-containers/README.md at main · keycloak/keycloak-containers · GitHub
alternatively you can edit index.ftl ( keycloak-x.x.x/themes/keycloak/welcome )
and have you /auth page stripped to bare minimum
Or, what about something like…
in keycloak/welcome-content/index.html ?
my solution is to override
/opt/jboss/keycloak/themes/keycloak/welcome/index.ftl with following content.