I got a general question about Jboss, load balancers with ssl offloading and URL rewriting. We had the same problem before with Tomcat we are now running into with Jboss.
Our load balancers are configured to talk https to the client and http to the jboss application servers. When someone logs out of our application, it seems Jboss is actually returning an full URL of something like "http://app.xyz.com", where app.xyz.com is only talking https (on the load balancer). Under Tomcat we ended up configuring tomcat to talk https to the load balancer to get around this.
People in power would prefer to not use https between load balancers and Jboss and I can't imagine we are the first to run into this problem. But I can't seem to find the right key words to search on your favorite search engine.
One last thing to add, it seems to only happen if the URL the client gets send to doesn't end in /, that Jboss actually returns a full URL of "http://app.xyz.com/".