diff --git a/Webzine.WebApplication/Program.cs b/Webzine.WebApplication/Program.cs
index f5e142e..28b0483 100644
--- a/Webzine.WebApplication/Program.cs
+++ b/Webzine.WebApplication/Program.cs
@@ -99,6 +99,48 @@ static void AddKeycloakRolesFromAccessToken(ClaimsIdentity identity, string? acc
 AddKeycloakRolesFromJson(identity, payload, clientId);
 }
+static async Task LogKeycloakMetadataAsync(IConfiguration configuration, Logger logger)
+{
+ var metadataAddress = configuration["Keycloak:MetadataAddress"];
+ if (string.IsNullOrWhiteSpace(metadataAddress))
+ {
+ var authority = configuration["Keycloak:Authority"]?.TrimEnd('/');
+ metadataAddress = string.IsNullOrWhiteSpace(authority)
+ ? null
+ : authority + "/.well-known/openid-configuration";
+ }
+
+ if (string.IsNullOrWhiteSpace(metadataAddress))
+ {
+ logger.Warn("Diagnostic Keycloak ignore : aucune adresse de metadata configuree.");
+ return;
+ }
+
+ try
+ {
+ using var handler = new HttpClientHandler
+ {
+ ServerCertificateCustomValidationCallback =
+ HttpClientHandler.DangerousAcceptAnyServerCertificateValidator,
+ };
+ using var httpClient = new HttpClient(handler);
+ using var response = await httpClient.GetAsync(metadataAddress);
+ var content = await response.Content.ReadAsStringAsync();
+ var preview = content.Length > 500 ? content[..500] : content;
+
+ logger.Info(
+ "Diagnostic Keycloak metadata | Url: {MetadataAddress} | Status: {StatusCode} | ContentType: {ContentType} | Body: {BodyPreview}",
+ metadataAddress,
+ (int)response.StatusCode,
+ response.Content.Headers.ContentType?.ToString(),
+ preview.Replace(Environment.NewLine, " "));
+ }
+ catch (Exception exception)
+ {
+ logger.Error(exception, "Diagnostic Keycloak metadata impossible | Url: {MetadataAddress} | Message: {Message}", metadataAddress, exception.Message);
+ }
+}
+
 try
 {
 var builder = WebApplication.CreateBuilder(args);
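Review bot: The probe in LogKeycloakMetadataAsync sets ServerCertificateCustomValidationCallback to DangerousAcceptAnyServerCertificateValidator unconditionally, which turns off TLS server validation in every environment and, for a diagnostic, defeats its own purpose: the log will report a 200 with a body preview even when the real OpenID Connect handler rejects the same certificate, so the one failure most worth diagnosing never reaches the Error branch. Validation should stay on by default and be relaxed only behind an explicit configuration switch whose use is itself logged, so that a certificate error from the metadata endpoint shows up as the logged exception. The HttpClient also carries no Timeout, and since the call is awaited on the startup path an unreachable host holds boot for the default 100 s; a short explicit Timeout bounds that. LogKeycloakMetadataAsync is complete within the hunk.
```csharp
    try
    {
        // Validation stays on unless an explicit, logged opt-in is configured.
        using var handler = new HttpClientHandler();
        if (configuration.GetValue<bool>("<DIAGNOSTIC-ALLOW-INVALID-CERT-KEY>"))
        {
            logger.Warn("Diagnostic Keycloak : validation du certificat serveur desactivee par configuration.");
            handler.ServerCertificateCustomValidationCallback =
                HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
        }

        using var httpClient = new HttpClient(handler) { Timeout = TimeSpan.FromSeconds(10) };
        // … unchanged: GetAsync, body preview and logger.Info …
    }
    // … unchanged: catch block …
```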
@@ -324,6 +366,7 @@ try
 builder.Services.AddResponseCompression();
 var app = builder.Build();
+ await LogKeycloakMetadataAsync(builder.Configuration, logger);
 // Très important avant tout middleware qui lit le scheme/host de la requête.
 app.UseForwardedHeaders();
diff --git a/Webzine.WebApplication/appsettings.Production.json b/Webzine.WebApplication/appsettings.Production.json
index 079e9e7..64634dc 100644
--- a/Webzine.WebApplication/appsettings.Production.json
+++ b/Webzine.WebApplication/appsettings.Production.json
@@ -7,7 +7,7 @@
 },
 "Keycloak": {
 "Authority": "https://10.4.0.131/keycloak/realms/webzine-realm",
-"MetadataAddress": "http://10.4.0.131/keycloak/realms/webzine-realm/.well-known/openid-configuration",
+"MetadataAddress": "https://10.4.0.131/keycloak/realms/webzine-realm/.well-known/openid-configuration",
 "PublicOrigin": "http://192.168.10.80:8080"
 }
 }
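Review bot: The added `await LogKeycloakMetadataAsync(builder.Configuration, logger);` runs unconditionally right after builder.Build(), so every environment pays a blocking outbound HTTP call before the first middleware is registered, and the whole startup waits for that probe to return or time out. A diagnostic of this kind is better gated, for example `if (app.Environment.IsDevelopment()) { await LogKeycloakMetadataAsync(builder.Configuration, logger); }` or a dedicated configuration flag, so production boot does not depend on the identity provider answering. The enclosing try block begins outside the hunk, and the `logger` variable it passes is not visible here, so its type is assumed to match the Logger parameter.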
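Review bot: With MetadataAddress switched from http to https, the OpenID Connect handler now validates the Keycloak certificate against a bare IP literal (10.4.0.131), which presumably requires the certificate to list that IP as a subject alternative name and to chain to a root trusted on the application host; if either is missing, metadata retrieval fails at runtime even though the same commit's startup diagnostic, which skips certificate validation, reports success. It is worth confirming the certificate with validation enabled before relying on this address, or pointing Authority and MetadataAddress at a hostname the certificate actually covers. PublicOrigin remains plain http in the same block, which looks intentional but is worth a second look alongside this change.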