[keycloak-dev] Isn't SSL required a global setting?

At the moment we have a SSL required setting per-realm. I was thinking that it should be a global configuration for a Keycloak server. In production all requests to a Keycloak server should be over https, while in development it should be possible to use http for simplicity. That's not a per-realm thing IMO. If it's ok that it's a global config, we can drop it from the realm and instead add: <security-constraint> <web-resource-collection> <web-resource-name>keycloak</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> To the web.xml in the distribution. In the documentation we should then have two options, first how to configure SSL on WildFly, second how to allow HTTP (with a warning that it's only for development!).