Before reporting an issue

[x] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

admin/ui

Describe the bug

Can't log in to the admin UI using a non-secure context.

• With KC 26.3.3, I can start Keycloak in dev-mode and login to the admin console for host 0.0.0.0 (insecure context)
• With KC 26.4 nightly builds, I can not and I get the following error message:

<img width="613" height="238" alt="Image" src="https://github.com/user-attachments/assets/16e9aa56-14dd-4c09-9e40-9ff427fafb2d" />

<img width="788" height="188" alt="Image" src="https://github.com/user-attachments/assets/1bedcbb2-afa6-4578-a6e3-b8631b7c8b86" />

I see this as a regression, and a problematic developer experience as we (still) log the address http://0.0.0.0:8080 at startup and people will try to use it to log in.

cc: @stianst, @mposolda

Version

nightly

Regression

[x] The issue is a regression

Expected behavior

I can log in to the admin console from non-secure contexts (even if there is an IP address or hostname without HTTPS)

Actual behavior

I get an error message Web Crypto API is not available.

How to Reproduce?

Log in via http://0.0.0.0:8080

Anything else?

Keycloak used to have a webcrypto shim in place, but it seems to no longer work as expected?