...
- the initial resource URL being accessed (the "target")
- the Assertion Consumer Service to which the response to the SP is delivered (the "ACS", also called the "shire" in the legacy protocol, it usually ends in /POST)
- the actual resource URL to which the ACS response redirects the browser (the "resource")
...
- Use native web server functionality to require SSL. This generally causes the server to return an error page to the browser indicating SSL is required. Note that this will not work on IIS, because the detection of this condition occurs after the filter installed by the SP runs.
- Use the
redirectToSSLcontent content setting via Apache command,<RequestMap><RequestMap>, etc. Typically this setting is applied at a host-wide level, to send all improper requests to the SSL port.
...
If Apache 2.4 is involved, check the Apache Virtual Host. If the protected <Directory> or <Location> has a
Require all granted
directive, remove it and restart Apache.