axelor / axelor-open-platform

Open source Java framework for business application development

Home Page: http://axelor.com

Wrong redirect url after logon where tomcat is used in front of Apache with SSL

CITIZENGATE opened this issue

Hi,
We just want to inform you that we faced a strange problem when Tomcat is used behind an Apache front end (with SSL) that proxies to Tomcat over HTTP (not HTTPS).
After accessing the login page at "https://mydomain.com/login.jsp", when the "submit" button is pressed, the redirected page is http://mydomain.com/index.jsp and not https://mydomain.com/index.jsp as expected.

This is the case with release 5.3.5 and should also be the same with the latest release.

To reproduce:

  1. Install Apache with a self-signed certificate and configure mod_proxy as a reverse proxy to Tomcat.
  2. Configure Tomcat without SSL (with default port 8080 and no SSL port).
  3. Try to authenticate.

Reason: In class AxelorCallbackFilter, the call context.getSessionStore().get(context, Pac4jConstants.REQUESTED_URL) returns a URL with HTTP (e.g. http://mydomain.com/index.jsp) instead of the real requested one with HTTPS (e.g. https://mydomain.com/index.jsp).

The way I found to set it is to use the APPLICATION_HOME URL as a reference and to check inside AppFilter.computeBaseUrl(...) whether the proto is the same. If not, the proto is overridden with the APPLICATION_HOME proto. Moreover, I commented out "redirectUrl = requestedUrl" in the AuthPac4jModule file, line 428.

I don't think it's the right way to fix it but it works.

The Axelor deployment type described here (customer -> proxy = HTTPS, proxy -> Tomcat = HTTP) is a common practice, and Axelor must work with it.

Thank you.
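
The scheme comparison described in the issue above, as an added stand-alone example that is not part of the original post and not Axelor's code. The class `SchemeAlign` and method `alignScheme` are hypothetical names; the configured home URL is passed in as a plain string, and the sample URLs in `main` are constructed.

```java
import java.net.URI;

// Added illustration, not Axelor code; class and method names are hypothetical.
public class SchemeAlign {

  // Returns requestedUrl with the scheme of applicationHome when both name the same host.
  static String alignScheme(String requestedUrl, String applicationHome) {
    URI requested = URI.create(requestedUrl);
    URI home = URI.create(applicationHome);

    // Relative or scheme-less URLs carry nothing to correct.
    if (requested.getScheme() == null || requested.getHost() == null
        || home.getScheme() == null || home.getHost() == null) {
      return requestedUrl;
    }
    // Leave URLs for any other host untouched, so redirect validation
    // elsewhere still sees the original value.
    if (!requested.getHost().equalsIgnoreCase(home.getHost())
        || requested.getScheme().equalsIgnoreCase(home.getScheme())) {
      return requestedUrl;
    }

    // Drop a port that is only the default of the old scheme
    // (http://host:80 must not become https://host:80).
    int port = requested.getPort();
    boolean defaultPort = port == -1
        || ("http".equalsIgnoreCase(requested.getScheme()) && port == 80)
        || ("https".equalsIgnoreCase(requested.getScheme()) && port == 443);

    // Rebuild from raw components so percent-encoding is preserved (user info is dropped).
    StringBuilder out = new StringBuilder(home.getScheme()).append("://").append(requested.getHost());
    if (!defaultPort) out.append(':').append(port);
    if (requested.getRawPath() != null) out.append(requested.getRawPath());
    if (requested.getRawQuery() != null) out.append('?').append(requested.getRawQuery());
    if (requested.getRawFragment() != null) out.append('#').append(requested.getRawFragment());
    return out.toString();
  }

  public static void main(String[] args) {
    String home = "https://mydomain.com"; // constructed sample value
    System.out.println(alignScheme("http://mydomain.com/index.jsp", home));
    System.out.println(alignScheme("http://mydomain.com:80/index.jsp?x=1", home));
    System.out.println(alignScheme("http://other.example/index.jsp", home));
  }
}
```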