Sometimes it's required to run the Atlassian application via HTTPS in combination with our SAML Single Sign On apps. "Sometimes", because it depends on the Identity Provider.
In general, our SAML Single Sign On apps can be used via HTTP as well as HTTPS and it really doesn't makes a technically difference in aspect for the app. It just uses a different Atlassian Base URL for all the SAML specific information (SAML Endpoint, Metadata, EntityID/Issuer).
Many SAML Identity Providers like AD FS and Azure AD have the limitation, that only secured URLs (HTTPS) are allowed to be used as SAML Endpoint within the Identity Provider specific SAML configurations. Trying to enter a HTTP URL shows an error/validation message. If you should encounter this issue, there is no other way to fix this than add HTTPS support to the Atlassian application (Apache Tomcat), either by a using a self-signed or CA-signed certificate. Please find all information how to run your Atlassian application over SSL or HTTPS in one of the listed Atlassian documentation articles below:
- Jira: Running Jira applications over SSL or HTTPS
- Confluence: Running Confluence Over SSL or HTTPS
- Bitbucket: Securing Bitbucket Server with Tomcat using SSL
- Bamboo: Securing Bamboo with Tomcat using SSL
- Fisheye/Crucible: FishEye SSL configuration