Removing HTTPS requirement for SAML configuration
Platform Notice: Data Center Only - This article only applies to Atlassian products on the data center platform.
You wish to test SAML configuration in a non-HTTPS secured dev or testing environment but cannot because HTTPS is required to be able to enable SAML config in Data Center.
Confluence 6.x Data Center
HTTPS is required by default to configure SAML
Set the following System Property:
Restart Confluence to have the change take effect.
Removing HTTPS Requirement
As the SAML protocol is browser based both the product and the Identity Provider must use HTTPS (rather than HTTP), to prevent man-in-the-middle attacks and capturing XML documents with SAML assertions.
It's possible to allow non-HTTPS setups by setting the atlassian.authentication.saml.sso.skip.https.requirement dark feature.
This is not secure and shouldn't be use except for testing.