To further elaborate on what KY is saying, most likely what is happening is that your Tomcat server is sending back http redirects to the client rather than https. Because you are decrypting SSL at the BIG-IP, the Tomcat server is running on port 80 and doesn't realize that it needs to send redirects as https instead of http.
The best way to fix this is to make sure your Tomcat server doesn't improperly send back http redirects, but if that is not possible, then you can use the Rewrite Redirects feature in the http profile on the BIG-IP to "catch" those http redirects on the way back out to the client and change them to https as they should be.
Click here for the manual on Rewrite Redirects for 9.1.2.
Denny