+ Start a Discussion
exper dotexper dot 

Does the SAML2.0 ACS url must be a https hyperlink?

1. Create a SSO app with enable SAML .
2. When I configure a url "http://example.com/SAML/ACS" for ACS URL, actually it will be changed to "https://example.com/SAML/ACS" when I sign in my own application by salesforce.
3. But the locahost is rigid. The "http://localhost/SAML/ACS" won't be changed.
I want to know whether it is a policy. BTW, there is no document for it.
pconpcon
Yes, the endpoint must be https.  It does not validate the SSL cert, so you can use a self-signed cert for this