Does Appian SAML SSO work with http (not https) IDP requests.
Is it mandatory to have all the systems running under https rather than http to be compatible with saml SSO?
What is the rule?
Discussion posts and replies are publicly visible
From my understanding SAML itself does not technically require https but I would argue that enabling SSL/TLS is mandatory in 2023.
In what scenario would you be running Appian without https?
One of my end clients has some of its systems running on http and after checking with IdP (azure here) they suggested moving the systems to https first to be compatible with their requests.
Though, it's an extra overhead moving all the urls to https, but, for us it's doable.
I just wanted to know as a general enquiry if it's mandatory to be on https which you have answered NOT, but a necessity for security purposes in this time.
Thanks
Using encrypted connections for any communication, external AND internal is the foundation of a modern IT infrastructure. I would never compromise on that.
I agree with you.