[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 425
  • Last Modified:

SAML 1.1 and SSL

I know that SAML 2.0 requires SSL

However, I have seen some examples using SAML 1.1, that seem to exclude SSL, not really sure

Does SAML 1.1 require SSL ?

Anthony Lucia
Anthony Lucia
1 Solution
Brad GrouxCommented:
With SAML 1.1 it doesn't require SSL, but if the responder requires it - it will refuse the request. So the only way you don't need SSL is if both parties involved don't care about SSL (highly unlikely). With that said, not utilizing SSL is a gigantic security risk - especially when SAML 2.0 allows for self-signed.

A secure connection is not required for SAML requests and responses, but in those situations where message integrity and confidentiality are required, HTTP over SSL 3.0 or TLS 1.0 with a server-side certificate is required.

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now