How to remove the HTTPS requirement for SAML 2.0 SSO integration

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

You want to test a SAML configuration in a dev or testing environment that is not secured with HTTPS, but cannot, because Data Center requires HTTPS before the SAML configuration can be enabled.

Environment

  • Confluence Data Center 6.x and later
  • Jira Data Center 7.x and later
  • SSO for Atlassian Server and Data Center plugin

Cause

HTTPS is required by default to configure SAML.

Because the SAML protocol is browser-based, both the product and the Identity Provider must use HTTPS (rather than HTTP) to prevent man-in-the-middle attacks and the capture of XML documents containing SAML assertions.

It's possible to allow non-HTTPS setups by following one of the workarounds below. This is not secure and shouldn't be used except for testing.

Workaround 1

Via startup property:

Set one of the following parameters as a JVM system property, according to the version of the SSO for Atlassian Server and Data Center plugin you have installed.

For version 3.x
-Datlassian.darkfeature.atlassian.authentication.saml.sso.skip.https.requirement=true
For versions 4.x and later
-Datlassian.darkfeature.atlassian.authentication.sso.skip.https.requirement=true

Restart Jira/Confluence for the change to take effect.
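
Because this property is meant for test systems only, the following check reports whether either property from Workaround 1 is enabled in a file of JVM startup arguments. It is an added example, not Atlassian's code; the function name, the file passed to it, and the sample content are assumptions.

```shell
#!/bin/sh
# Added example: audit a file of JVM startup arguments for the SAML
# skip-HTTPS dark feature. The two property names come from this article;
# the file to scan is whatever file holds your JVM arguments (assumption).

# Prints the name of each skip-HTTPS property that is set to true in "$1".
# Exit status: 0 = at least one found, 1 = none found, 2 = file unreadable.
find_skip_https_flags() {
    file=$1
    [ -r "$file" ] || return 2
    # Ignore commented-out lines, then extract either property (3.x or 4.x+
    # name). The value is matched in any letter case as a conservative
    # assumption about how "true" may be written.
    grep -v '^[[:space:]]*#' "$file" |
        grep -Eo -e '-Datlassian\.darkfeature\.atlassian\.authentication\.(saml\.)?sso\.skip\.https\.requirement=[Tt][Rr][Uu][Ee]' |
        sed 's/^-D//; s/=.*$//' |
        sort -u |
        grep .   # non-zero exit status when nothing matched
}

# Constructed sample input (not from a real system): one commented-out
# 3.x property and one active 4.x property.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# -Datlassian.darkfeature.atlassian.authentication.saml.sso.skip.https.requirement=true
JVM_SUPPORT_RECOMMENDED_ARGS="-Xmx2g -Datlassian.darkfeature.atlassian.authentication.sso.skip.https.requirement=true"
EOF

if flags=$(find_skip_https_flags "$sample"); then
    echo "FINDING: SAML HTTPS requirement disabled by: $flags"
else
    echo "OK: no skip-HTTPS property enabled"
fi
rm -f "$sample"
```

This covers only the startup property; a flag added through the dark features page in Workaround 2 does not appear in startup arguments and has to be checked on that page.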

Workaround 2

Via dark feature page:

  • Visit the dark features page on Confluence or Jira.
    • Confluence: <Confluence_URL>/admin/darkfeatures.action
    • Jira: <Jira_URL>/secure/admin/SiteDarkFeatures!default.jspa
  • Add one of the following dark features, according to the version of the SSO for Atlassian Server and Data Center plugin you have installed.
    • For version 3.x: atlassian.authentication.saml.sso.skip.https.requirement
    • For versions 4.x and later: atlassian.authentication.sso.skip.https.requirement

Description: Removing HTTPS requirement for SAML configuration SSL
Product: Confluence

Last modified on Oct 4, 2023
