Calling InitializeSsoAsync on http issuer url doesn't redirect

Hi there,

We implemented a Service Provider and were testing logging in with various Identity Providers, but we encountered an issue. Some issuer urls are http, not https. Okta is an example of an IdP that uses http issuer urls, like The problem with this is when calling SamlServiceProvider.InitiateSsoAsync("issuer url"), the browser doesn't appear to redirect. If we change the issuer url to be https, it will redirect to Okta, but then we get an error after logging in since the issuer urls don't match (http vs https).

My google skills are failing because I wasn't able to find any information on why http urls wouldn't work correctly for redirecting. We could just convert the url to https in our code right before calling InitiateSsoAsync, but that seems a bit hacky. Is there a better way of handling this issue?

The URL passed into ISamlServiceProvider.IntiateSsoAsync is the name of the identity provider rather than a SAML endpoint.
It’s used to lookup the corresponding partner identity provider configuration.
The SAML authn request is sent to the URL specified by the partner identity provider’s SingleSignOnServiceUrl.
For Okta, the name is typically an… URL. The actual SingleSignOnServiceUrl is typically https://…/sso/saml.
You should leave the name URL as is (ie http://…).
Which browser are you using?
Does the same occur with other browsers?
Have you tried something like Fiddler to see whether the 302 redirect is being returned to the browser?