Why the IDP Issuer URL Uses HTTP Instead of HTTPS in the Setup Instructions of a SAML Application
Feb 4, 2026
Single Sign-On
Integrations
Okta Classic Engine
Okta Identity Engine
Overview
The issuer plays a crucial role in a Security Assertion Markup Language (SAML) assertion. The issuer is typically the Identity Provider (IdP), an entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying parties.
Applies To
- IdP Issuer URL
- SAML Applications
Solution
The Issuer/Identifier ID in a SAML assertion must not be a valid URL path.
This HTTP part is not related to security. The value needs to match what the service provider is expecting.
However, the Assertion Consumer Service (ACS) URL must always be SSL and a valid URL.
