diff --git a/Dockerfile.prod b/Dockerfile.prod
index c3dff6d..e4d5f3b 100644
--- a/Dockerfile.prod
+++ b/Dockerfile.prod
@@ -30,11 +30,19 @@ ENV QUARKUS_PROFILE=prod
 ENV QUARKUS_HTTP_PORT=8080
 ENV QUARKUS_HTTP_HOST=0.0.0.0
+# Proxy forwarding (SSL termination par l'ingress nginx K8s)
+ENV QUARKUS_HTTP_PROXY_PROXY_ADDRESS_FORWARDING=true
+ENV QUARKUS_HTTP_PROXY_ALLOW_X_FORWARDED=true
+
 # Configuration Keycloak/OIDC (production)
 ENV QUARKUS_OIDC_AUTH_SERVER_URL=https://security.lions.dev/realms/lions-user-manager
 ENV QUARKUS_OIDC_CLIENT_ID=lions-user-manager-client
+ENV KEYCLOAK_CLIENT_SECRET=oGCivOdgbNHroNsHS1MRBZJXX8VpRGk3
+ENV QUARKUS_OIDC_CREDENTIALS_SECRET=oGCivOdgbNHroNsHS1MRBZJXX8VpRGk3
 ENV QUARKUS_OIDC_ENABLED=true
 ENV QUARKUS_OIDC_TLS_VERIFICATION=required
+ENV QUARKUS_OIDC_AUTHENTICATION_COOKIE_SAME_SITE=lax
+ENV OIDC_ENCRYPTION_SECRET=gbztZB3CYpou0vFL2LqOWJQdXnvwVQkhjrHpsZHOJPI=
 # Configuration API Backend
 ENV LIONS_USER_MANAGER_BACKEND_URL=https://api.lions.dev/lions-user-manager
diff --git a/src/main/resources/META-INF/resources/templates/components/user-management/user-card.xhtml b/src/main/resources/META-INF/resources/templates/components/user-management/user-card.xhtml
index 4a6cdca..29deabe 100644
--- a/src/main/resources/META-INF/resources/templates/components/user-management/user-card.xhtml
+++ b/src/main/resources/META-INF/resources/templates/components/user-management/user-card.xhtml
@@ -109,11 +109,11 @@ - + - +
diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties
index 867ce5c..51df723 100644
--- a/src/main/resources/application-prod.properties
+++ b/src/main/resources/application-prod.properties
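Review bot: The three added ENV lines in the Dockerfile.prod hunk (`KEYCLOAK_CLIENT_SECRET`, `QUARKUS_OIDC_CREDENTIALS_SECRET`, `OIDC_ENCRYPTION_SECRET`) commit what look like live credentials to the repository and bake them into the image layers, where anyone who can read the repo or pull the image can recover them. The application-prod.properties hunk repeats the client secret as the fallback of `${KEYCLOAK_CLIENT_SECRET:...}`, and its unchanged `quarkus.oidc.token-state-manager.encryption-secret` line already carries the same kind of default. I would drop these ENV lines, write the property as `quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET}` with no default so that a missing value should surface at startup instead of silently falling back, and inject the values at runtime from a Kubernetes Secret. Because the values are now in version history, the Keycloak client secret and the token-state encryption key should be rotated.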
@@ -9,15 +9,19 @@
 # HTTP Configuration PROD
 # ============================================
 quarkus.http.port=8080
+# Respecter X-Forwarded-Proto de l'ingress nginx (SSL termination K8s)
+quarkus.http.proxy.proxy-address-forwarding=true
+quarkus.http.proxy.allow-x-forwarded=true
 # ============================================
 # OIDC Configuration PROD (Keycloak Production)
 # ============================================
 quarkus.oidc.auth-server-url=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/lions-user-manager}
 quarkus.oidc.client-id=${KEYCLOAK_CLIENT_ID:lions-user-manager-client}
+quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET:oGCivOdgbNHroNsHS1MRBZJXX8VpRGk3}
 quarkus.oidc.token.issuer=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/lions-user-manager}
 quarkus.oidc.tls.verification=required
-quarkus.oidc.authentication.cookie-same-site=strict
+quarkus.oidc.authentication.cookie-same-site=lax
 quarkus.oidc.authentication.pkce-required=true
 quarkus.oidc.token-state-manager.encryption-secret=${OIDC_ENCRYPTION_SECRET:gbztZB3CYpou0vFL2LqOWJQdXnvwVQkhjrHpsZHOJPI=}
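Review bot: `quarkus.http.proxy.allow-x-forwarded=true` is added without any restriction on which peers may send forwarding headers, so a client that reaches port 8080 without passing through the ingress can supply X-Forwarded-Proto/Host/For itself; Dockerfile.prod sets the same pair through ENV. If the pod is reachable from elsewhere in the cluster, consider `quarkus.http.proxy.trusted-proxies=<ingress-controller-address>` (placeholder, and only if the Quarkus version in use supports it) or a NetworkPolicy that admits only the ingress controller. The comment above the two lines could state the assumption, e.g. `# Forwarded headers are trusted only because traffic reaches the pod exclusively via the nginx ingress`. The change of `cookie-same-site` from strict to lax is presumably needed for the redirect back from Keycloak; a one-line comment saying so would keep a later reader from reverting it or loosening it further.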