Removing HTTPS requirement for SAML configuration

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

This Knowledge Base article was written specifically for Atlassian Data Center applications. The contents of this article do not apply to Server installations or the Atlassian Cloud platform.

問題

You wish to test SAML configuration in a non-HTTPS secured dev or testing environment but cannot because HTTPS is required to be able to enable SAML config in Data Center.

環境

  • Confluence 6.x Data Center

原因

HTTPS is required by default to configure SAML

回避策

Set the following System Property:

-Datlassian.darkfeature.atlassian.authentication.saml.sso.skip.https.requirement=true

Restart Confluence to have the change take effect. 

Removing HTTPS Requirement
 As the SAML protocol is browser based both the product and the Identity Provider must use HTTPS (rather than HTTP), to prevent man-in-the-middle attacks and capturing XML documents with SAML assertions.
It's possible to allow non-HTTPS setups by setting the atlassian.authentication.saml.sso.skip.https.requirement dark feature.

This is not secure and shouldn't be use except for testing.

説明 Removing HTTPS requirement for SAML configuration SSL
製品Confluence
最終更新日 2020 年 1 月 24 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.