Is it Required that the service providers be accessible on a https connection if the IDP can be accessed only on a https connection, if I have to avoid the https security warning below when going from idp to sp? This may not be directly related to component space but a question in general.
“Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?”
I did some research and I see the following on the net:
“You will get that warning if you go from a secure https connection to an insecure http connection and POST data entered in a form on a secure site is send to a http server.The warning tells you that you are sending data from a secure site to a non secure http url.”
This is not a requirement but the SAML specification recommends that HTTPS is used and that is our recommendation too.
My understanding is that this is a Firefox warning. You could disable this warning in Firefox or use a different browser.
However, the best solution is to use an HTTPS connection to the SP.
Thank You.