Steps to reproduce:
1. run opencast with only http
2. use a proxy with https (with server.url correctly configured to point to the proxy address)
3. log in
Actual Results:
POST /j_spring_security_check does a 302 redirect to http://server.url/admin-ng/index.html instead of https://server.url/admin-ng/index.html
This is especially a problem when logging in via ajax in the engage ui as engage thinks the authentication failed because the browser will not redirect to http because of mixed content violation. You are actually logged in despite the error, which manually reloading the page proves.
Expected Results:
the browser is redirected to https://server.url/admin-ng/index.html thus enabling you to log in.
Workaround (if any):
configure your proxy to rewrite the response headers for Location: from http to https