function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
exper dotexper dot 

Does the SAML2.0 ACS url must be a https hyperlink?

1. Create a SSO app with enable SAML .
2. When I configure a url "http://example.com/SAML/ACS" for ACS URL, actually it will be changed to "https://example.com/SAML/ACS" when I sign in my own application by salesforce.
3. But the locahost is rigid. The "http://localhost/SAML/ACS" won't be changed.
I want to know whether it is a policy. BTW, there is no document for it.
pconpcon
Yes, the endpoint must be https.  It does not validate the SSL cert, so you can use a self-signed cert for this