Removing HTTPS requirement for SAML configuration
This Knowledge Base article was written specifically for Atlassian Data Center applications. The contents of this article do not apply to Server installations or the Atlassian Cloud platform.
You wish to test SAML configuration in a non-HTTPS secured dev or testing environment but cannot because HTTPS is required to be able to enable SAML config in Data Center.
Confluence 6.x Data Center
HTTPS is required by default to configure SAML
Set the following System Property:
Restart Confluence to have the change take effect.
Removing HTTPS Requirement
As the SAML protocol is browser based both the product and the Identity Provider must use HTTPS (rather than HTTP), to prevent man-in-the-middle attacks and capturing XML documents with SAML assertions.
It's possible to allow non-HTTPS setups by setting the atlassian.authentication.saml.sso.skip.https.requirement dark feature.
This is not secure and shouldn't be use except for testing.