Auth Connector as a SAML IDP over HTTPS limitation


Article ID: 171159


Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

You would like to configure the Authentication Connector as a SAML IDP that listens for SAML requests over HTTPS (port 443) instead of HTTP (port 80).

Resolution

The Authentication Connector as a SAML IDP is limited to listening for SAML requests on port 80 as its use case is as a proof-of-concept SAML deployment.

Although the scheme is HTTP, neither Kerberos (ticket) nor NTLM (password hash) sends the password itself, so the credentials cannot be read off the wire; this assumes the connector is run only as a simple test deployment.

Use one of the other supported SAML IDP solutions if HTTPS must be used for SAML requests in your environment.

Other Limitations

  • Inability to handle inbound signed SAML requests (AuthnRequest) from Cloud SWG, or to sign the SAML response (AuthnResponse) message sent back; the assertion itself is always signed.
  • Will only work with the Cloud SWG SAML SP. It cannot be used as an IDP server for other, non-Cloud SWG SAML service providers.
  • Inability to support client certificate authentication or multi-factor authentication.
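As an added example, not taken from this article or from the Cloud SWG product, the following Python audit checks the properties listed above against constructed SAML artifacts: whether an IdP SingleSignOnService endpoint is served over HTTPS, whether the IdP metadata advertises WantAuthnRequestsSigned, and whether a Response carries a signature only on the Assertion or also on the outer message. The host idp.example.test and both XML documents are placeholders constructed for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed IdP metadata (hypothetical host): SSO endpoint on plain HTTP.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="http://idp.example.test/saml">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="http://idp.example.test:80/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed Response: the Assertion is signed, the outer Response is not.
RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <ds:Signature><ds:SignatureValue>AAA=</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def plaintext_sso_endpoints(metadata_xml):
    """Return every SingleSignOnService Location whose scheme is not https."""
    root = ET.fromstring(metadata_xml)
    locs = [e.get("Location", "") for e in root.iterfind(".//md:SingleSignOnService", NS)]
    return [u for u in locs if urlparse(u).scheme.lower() != "https"]


def wants_signed_authn_requests(metadata_xml):
    """True only if the IdP metadata explicitly sets WantAuthnRequestsSigned="true"."""
    desc = ET.fromstring(metadata_xml).find(".//md:IDPSSODescriptor", NS)
    return desc is not None and desc.get("WantAuthnRequestsSigned", "false").lower() == "true"


def signature_status(response_xml):
    """Return (response_signed, assertion_signed). Only a direct-child ds:Signature
    counts, so an Assertion signature is never mistaken for one over the Response."""
    root = ET.fromstring(response_xml)
    response_signed = root.find("ds:Signature", NS) is not None
    assertion = root.find("saml:Assertion", NS)
    assertion_signed = assertion is not None and assertion.find("ds:Signature", NS) is not None
    return response_signed, assertion_signed
```

Run against a real IdP's metadata and a captured Response to confirm which of the three limitations apply; an endpoint listed by plaintext_sso_endpoints is one that will receive AuthnRequests over port 80.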

Refer to the Cloud SWG SAML IdPs documentation for information on alternative SAML IDP solutions that support HTTPS for SAML requests.