Steps to reproduce:
1. run opencast with only http
2. use a proxy with https (with server.url correctly configured to point to the proxy address)
3. log in
This is especially a problem when logging in via ajax in the engage ui as engage thinks the authentication failed because the browser will not redirect to http because of mixed content violation. You are actually logged in despite the error, which manually reloading the page proves.
the browser is redirected to https://server.url/admin-ng/index.html thus enabling you to log in.
Workaround (if any):
configure your proxy to rewrite the response headers for Location: from http to https