How to remove the HTTPS requirement for SAML 2.0 SSO integration
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
You want to test a SAML configuration in a development or test environment that is not secured with HTTPS, but cannot, because HTTPS is required to enable the SAML configuration in Data Center.
Environment
- Confluence Data Center 6.x and later
- Jira Data Center 7.x and later
- SSO for Atlassian Server and Data Center plugin
Cause
HTTPS is required by default to configure SAML.
Because the SAML protocol is browser-based, both the product and the Identity Provider must use HTTPS (rather than HTTP) to prevent man-in-the-middle attacks and the capture of XML documents containing SAML assertions.
It's possible to allow non-HTTPS setups by following one of the workarounds below. This is not secure and shouldn't be used except for testing.
Workaround 1
Via startup property:
Set one of the following parameters as a system property, according to the version of the SSO for Atlassian Server and Data Center plugin you have installed.
-Datlassian.darkfeature.atlassian.authentication.saml.sso.skip.https.requirement=true
-Datlassian.darkfeature.atlassian.authentication.sso.skip.https.requirement=true
Restart Jira/Confluence for the change to take effect.
Workaround 2
Via dark feature page:
- Visit the dark features page on Confluence or Jira.
  - Confluence: <Confluence_URL>/admin/darkfeatures.action
  - Jira: <Jira_URL>/secure/admin/SiteDarkFeatures!default.jspa
- Add one of the following dark features, according to the version of the SSO for Atlassian Server and Data Center plugin you have installed.
atlassian.authentication.saml.sso.skip.https.requirement
atlassian.authentication.sso.skip.https.requirement
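Because the workarounds are for testing only, it helps to confirm the setting has not been left enabled elsewhere. The script below is an added example (not Atlassian's code): it looks for either Workaround 1 property set to true in JVM options files passed as arguments and on running process command lines. The variable names and values in the constructed sample file are assumptions.

```shell
#!/bin/sh
# Added audit example, not Atlassian code. Reports active (uncommented) lines
# that set either skip-HTTPS property from this article to true.

# Matches both property names from Workaround 1 ("saml." is optional).
SKIP_HTTPS_RE='-Datlassian\.darkfeature\.atlassian\.authentication\.(saml\.)?sso\.skip\.https\.requirement=true'

# scan_file FILE: print "FILE:LINE_NO:TEXT" per hit; return 0 if any hit, else 1.
scan_file() {
    hits=$(grep -nE -e "$SKIP_HTTPS_RE" -- "$1" 2>/dev/null |
           grep -vE '^[0-9]+:[[:space:]]*#' || true)
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits" | sed "s|^|$1:|"
}

# scan_processes: report running processes whose command line carries the flag.
scan_processes() {
    ps -e -o pid= -o args= 2>/dev/null | grep -E -e "$SKIP_HTTPS_RE" |
        awk '{ print "pid " $1 ": skip-HTTPS property on command line" }'
}

# demo: scan a constructed options file (variable names are assumptions).
demo() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# constructed sample, not a real setenv.sh
JVM_SUPPORT_RECOMMENDED_ARGS="-Xmx2g"
# CATALINA_OPTS="-Datlassian.darkfeature.atlassian.authentication.sso.skip.https.requirement=true"
CATALINA_OPTS="-Datlassian.darkfeature.atlassian.authentication.saml.sso.skip.https.requirement=true ${CATALINA_OPTS}"
CATALINA_OPTS="-Datlassian.darkfeature.atlassian.authentication.sso.skip.https.requirement=false ${CATALINA_OPTS}"
EOF
    rc=0
    scan_file "$sample" || rc=$?
    rm -f "$sample"
    return "$rc"
}

# With file arguments: audit them plus running processes; exit 1 on any hit.
if [ "$#" -gt 0 ]; then
    found=0
    for f in "$@"; do scan_file "$f" && found=1; done
    procs=$(scan_processes)
    [ -z "$procs" ] || { printf '%s\n' "$procs"; found=1; }
    exit "$found"
fi
demo || true   # no arguments: run the constructed demo
```

A dark feature enabled through the dark features page (Workaround 2) does not appear in startup files or on the command line, so review that page as well.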