In earlier releases we forced the switch to HTTPS.
HTTPS is required as the SAML_SessionID cookie we use in support of the SAML protocol must be set as Secure and SameSite=None.
HTTP happens to work for IdP-initiated SSO as no previous state information (ie the SAML_SessionID cookie) is required.
It's strongly recommended you use HTTPS in all environments including production, test and development.
Regards ComponentSpace Development
|