Invalid destination for keycloak docker behind proxy

I am running the keycloak:15.0.2 version on Docker, which has the following architecture:
load balancer → ingress service → keycloak application
My load balancer is hosted as login.bsstag.com and my Keycloak application is hosted as login2; therefore, my ACS URL hostname is login.
Now when I try IDP-initiated login, I get an error as below:

Env variables in Docker-compose.yml:

```yaml
- env:
  - name: DB_VENDOR
    value: MYSQL
  - name: DB_ADDR
    value: ##
  - name: DB_DATABASE
    value: ##
  - name: DB_USER
    value: ##
  - name: PROXY_ADDRESS_FORWARDING
    value: "true"
  - name: KC_HOSTNAME_STRICT
    value: "false"
  - name: KC_PROXY
    value: passthrough
  - name: KC_HOSTNAME
    value: login
  - name: KC_HOSTNAME_PATH
    value: https://login.bsstag.com
```

You are mixing a few things here:

  1. The KC_ env variables are only accepted for Keycloak Quarkus (kc>=18). So I would recommend switching to KC 18 (KC 19 still has some problems).

Probably you want edge, unless Keycloak should do the TLS termination.

This should be the FQDN.

This is not needed unless you need strict compat with older releases and should then be set to " auth".
It specifies the sub-path under which the realms are accessible.
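
The points from the answer above can be turned into a small check over a container env list. This is an added example, not code from the thread or from the Keycloak project: the function names `parse_env` and `lint`, the `tls_at_proxy` flag and the sample input are assumptions for illustration, and the version threshold is the one the answer gives.

```python
import re

# Legacy (WildFly image) variable names, taken from the question's env list.
LEGACY_VARS = {"DB_VENDOR", "DB_ADDR", "DB_DATABASE", "DB_USER", "PROXY_ADDRESS_FORWARDING"}
FQDN = re.compile(r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

# Constructed sample: a subset of the env list posted in the question.
SAMPLE = """
- name: DB_VENDOR
  value: MYSQL
- name: PROXY_ADDRESS_FORWARDING
  value: "true"
- name: KC_PROXY
  value: passthrough
- name: KC_HOSTNAME
  value: login
- name: KC_HOSTNAME_PATH
  value: https://login.bsstag.com
"""


def parse_env(text):
    """Collect '- name: X' / 'value: Y' pairs from a container env list."""
    env, name = {}, None
    for line in text.splitlines():
        key, _, val = line.strip().lstrip("- ").partition(":")
        val = val.strip().strip("\"'")
        if key == "name":
            name = val
        elif key == "value" and name:
            env[name], name = val, None
    return env


def lint(env, major, tls_at_proxy=True):
    """Return the settings the answer would flag; major = Keycloak major version."""
    flagged = []
    kc_vars = sorted(k for k in env if k.startswith("KC_"))
    if kc_vars and major < 18:                      # answer: KC_ needs Quarkus (kc>=18)
        flagged.append("KC_* on legacy image")
    if kc_vars and LEGACY_VARS.intersection(env):   # answer: "mixing a few things"
        flagged.append("legacy and KC_* mixed")
    if tls_at_proxy and env.get("KC_PROXY", "edge") != "edge":
        flagged.append("KC_PROXY")                  # edge unless Keycloak terminates TLS
    if "KC_HOSTNAME" in env and not FQDN.match(env["KC_HOSTNAME"]):
        flagged.append("KC_HOSTNAME")               # should be the FQDN
    if "://" in env.get("KC_HOSTNAME_PATH", ""):
        flagged.append("KC_HOSTNAME_PATH")          # a sub-path, not a URL
    return flagged
```

Calling `lint(parse_env(SAMPLE), major=15)` flags every item the answer comments on; an env with `KC_PROXY=edge` and `KC_HOSTNAME=login.bsstag.com` on major 18 returns an empty list.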

Do we have a solution for jboss/keycloak instead of Quarkus?