diff --git a/keycloak_collective_portal.py b/keycloak_collective_portal.py
index aa00458..e044d5e 100644
--- a/keycloak_collective_portal.py
+++ b/keycloak_collective_portal.py
@@ -6,6 +6,7 @@ from authlib.integrations.starlette_client import OAuth, OAuthError
 from fastapi import FastAPI, Request
 from fastapi.responses import HTMLResponse, RedirectResponse
 from fastapi.templating import Jinja2Templates
+from httpx import get
 from starlette.middleware.sessions import SessionMiddleware
 APP_SECRET_KEY = environ.get("APP_SECRET_KEY")
@@ -18,15 +19,17 @@ app = FastAPI()
 app.add_middleware(SessionMiddleware, secret_key=APP_SECRET_KEY)
 templates = Jinja2Templates(directory="templates")
+BASE_URL = f"https://{KEYCLOAK_DOMAIN}/auth/realms/{KEYCLOAK_REALM}/protocol/openid-connect"
+
 oauth = OAuth()
 oauth.register(
 name="keycloak",
 client_kwargs={"scope": "openid profile email"},
 client_id=KEYCLOAK_CLIENT_ID,
 client_secret=KEYCLOAK_CLIENT_SECRET,
- authorize_url=f"https://{KEYCLOAK_DOMAIN}/auth/realms/{KEYCLOAK_REALM}/protocol/openid-connect/auth",
- access_token_url=f"https://{KEYCLOAK_DOMAIN}/auth/realms/{KEYCLOAK_REALM}/protocol/openid-connect/token",
- jwks_uri=f"https://{KEYCLOAK_DOMAIN}/auth/realms/{KEYCLOAK_REALM}/protocol/openid-connect/certs",
+ authorize_url=f"{BASE_URL}/auth",
+ access_token_url=f"{BASE_URL}/token",
+ jwks_uri=f"{BASE_URL}/certs",
 )
@@ -35,9 +38,16 @@ async def home(request: Request):
 user = request.session.get("user")
 if user:
 return templates.TemplateResponse(
- "index.html", context={"request": request, "user": user}
+ "admin.html", context={"request": request, "user": user}
 )
- return RedirectResponse(request.url_for("login_keycloak"))
+ return RedirectResponse(request.url_for("login"))
+
+
+@app.get("/login", response_class=HTMLResponse)
+async def login(request: Request):
+ return templates.TemplateResponse(
+ "login.html", context={"request": request}
+ )
 @app.get("/login/keycloak")
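Review bot: `BASE_URL` is assembled at import time from `KEYCLOAK_DOMAIN` and `KEYCLOAK_REALM` with no check that either is set. Their definitions are outside the hunk, but if they are read the way `APP_SECRET_KEY` is (`environ.get(...)`, which returns `None` for a missing variable), the app would start with `https://None/auth/realms/None/...` and only fail on the first login attempt. The same pattern passes `secret_key=None` to `SessionMiddleware`, which as far as I know Starlette stringifies rather than rejects, leaving session cookies signed with a predictable key. A startup guard ahead of `BASE_URL` would catch both, e.g. `if not all((APP_SECRET_KEY, KEYCLOAK_DOMAIN, KEYCLOAK_REALM)): raise RuntimeError("missing required environment configuration")`.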
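Review bot: `home` now renders `admin.html` for any request whose session contains `user`, and nothing visible in the hunk checks a role or group claim. If the page is meant to remain a plain landing page, the template name is misleading; if administrative actions are planned for it, the branch should be gated on a claim from the ID token before they are added. Either way, record the intent next to the `if user:` branch, e.g. `# any authenticated member may see this page; no admin role is required`. The new `login` handler would also benefit from a docstring such as `"""Render the local login page."""`. The decorator and signature of `home` are outside the hunk.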
@@ -60,4 +70,5 @@ async def auth_keycloak(request: Request):
 @app.route("/logout")
 async def logout(request: Request):
 request.session.pop("user", None)
- return RedirectResponse(request.url_for("home"))
+ get(f"{BASE_URL}/logout")
+ return RedirectResponse(request.url_for("login"))
diff --git a/templates/admin.html b/templates/admin.html
new file mode 100644
index 0000000..38c04db
--- /dev/null
+++ b/templates/admin.html
@@ -0,0 +1,11 @@
+ + + Home + + +
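Review bot: The added `get(f"{BASE_URL}/logout")` in `logout` is unlikely to end the user's Keycloak session. It is a server-side request that carries neither the browser's SSO cookie nor any token, so the identity provider cannot tie it to a session, and the next visit to the login link would probably sign the same user back in without a prompt. End the SSO session through the browser instead, for example `return RedirectResponse(f"{BASE_URL}/logout?redirect_uri={quote(str(request.url_for('login')), safe='')}")` with `quote` from `urllib.parse` (newer Keycloak releases expect `post_logout_redirect_uri` together with `id_token_hint`). The call is also the blocking `httpx.get` inside an `async def` with no error handling, so a slow or unreachable Keycloak stalls the event loop or turns logout into a 500; dropping it also removes the need for the bare `get` import.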

+ Hello, {{ user.preferred_username }} + (logout) +

+ +
diff --git a/templates/index.html b/templates/index.html
deleted file mode 100644
index 9ab1f20..0000000
--- a/templates/index.html
+++ /dev/null
@@ -1,8 +0,0 @@
- - - Home - - -

Hello, {{ user.preferred_username }}

- -
diff --git a/templates/login.html b/templates/login.html
index 0c85893..4b31681 100644
--- a/templates/login.html
+++ b/templates/login.html
@@ -3,6 +3,8 @@ Login -

Please login

+

+ Login +