Can We Support Both Http And Https On OIF IdP? (Doc ID 2077774.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Identity Federation - Version 11.1.1.4.0 and later
Information in this document applies to any platform.

Goal

SP-initiated SSO
SAML 2.0
OAM in IdP mode
SP is Cherwell (help desk ticketing system)

OIF as IdP was originally built without SSL on the OHS, so the entity ID is
http://idpsrv.myoracle.com:7777/fed/idp
and all the login URLs and other endpoint URLs are built on that base as well.

Recently the customer rolled out a new federated service using this OIF for SP-initiated SSO. Users were then unhappy to see a Security Warning pop-up dialog suddenly appear in their browsers, telling them they were submitting data to a non-HTTPS server, even though the only thing actually being submitted is the POST of the SAML request to the IdP (i.e. the SP-initiated flow POSTing to a non-SSL server).

They can't simply switch the IdP to SSL: if the entityID changed, every other implemented federation would break. And if the metadata were edited to change all the other URLs to SSL URLs, the SP would send the request to the SSL port as desired, but OIF, which is configured for non-SSL, would then receive the request POSTed to an unexpected port.

Question:
Is it possible to add HTTPS support on the IdP without affecting those already using HTTP (mostly IdP-initiated services)?
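As an added example (not part of the Oracle note, and not its answer), a small check that makes the problem visible: it parses SAML 2.0 IdP metadata and lists every endpoint Location that is not HTTPS, since the Location URLs, not the entityID, are where an SP-initiated POST or redirect actually lands. The metadata is constructed; the entityID mirrors the one quoted above, the endpoint paths are assumptions.

```python
# Added example: audit SAML 2.0 IdP metadata for plain-HTTP endpoints.
# The entityID is only an identifier; browsers submit to the Location URLs,
# so those are what the check flags.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed metadata: entityID and every endpoint are plain HTTP, as in the
# original non-SSL OHS setup. Endpoint paths are assumptions.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://idpsrv.myoracle.com:7777/fed/idp">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://idpsrv.myoracle.com:7777/fed/idp/samlv20"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://idpsrv.myoracle.com:7777/fed/idp/samlv20"/>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://idpsrv.myoracle.com:7777/fed/idp/samlv20"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def audit_idp_metadata(xml_text):
    """Return the entityID, whether it is HTTPS, and a list of
    (element, binding, location) for every IdP endpoint not served over HTTPS."""
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID")
    plain_http = []
    for desc in root.findall("md:IDPSSODescriptor", NS):
        for ep in desc:
            loc = ep.get("Location")
            if loc is None:
                continue  # KeyDescriptor, NameIDFormat, etc. have no endpoint
            if urlparse(loc).scheme.lower() != "https":
                tag = ep.tag.split("}")[1]  # strip the namespace prefix
                binding = ep.get("Binding", "").rsplit(":", 1)[-1]
                plain_http.append((tag, binding, loc))
    return {
        "entityID": entity_id,
        "entityID_is_https": urlparse(entity_id).scheme.lower() == "https",
        "plain_http_endpoints": plain_http,
    }
```

Running the audit a second time on the same metadata with only the Location values rewritten to https:// shows the entityID untouched while no endpoint is flagged, which is the distinction the question turns on.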

Solution
