At the moment we have a SSL required setting per-realm. I was thinking that it should be a
global configuration for a Keycloak server. In production all requests to a Keycloak
server should be over https, while in development it should be possible to use http for
simplicity. That's not a per-realm thing IMO.
If it's ok that it's a global config, we can drop it from the realm and instead
add:
<security-constraint>
<web-resource-collection>
<web-resource-name>keycloak</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
To the web.xml in the distribution. In the documentation we should then have two options,
first how to configure SSL on WildFly, second how to allow HTTP (with a warning that
it's only for development!).