We are using our load balancing switch of offload the SSL so all communication between the browser and the switch is SSL and communication between the APEX application (on Tomcat) and the switch remains in clear text.
If I access to APEX application using https, then the login page is shown securely. After clicking on the "Sign In" button on the login page, the redirect does not preserve the https - the URL is changed back to http. We are using custom authentication, the login button is calling "apex_authentication.login".
In the User Interface, the Home URL is set to "f?p=&APP_ID.:1:&SESSION." As this only contains the context root, I would not expect it to change the https to http. Once I'm logged into the application, I can change the URL to https and the every subsequent response stays as https - until I log out.
Is there a setting for login and logout that we need to instruct APEX that we are using SSL offloading ? Why is it changing the protocol and not just the part of the URL after the context root ?
Help !
Cheers,
Brent