There may be cases where you need to use insecure HTTP rather than HTTPS for communication with the SPAS server for Windows logins. Here is how you do it.
- You will need to be using a single-tenant license in your on-premises SPAS server environment.
- Change the SPAS server's web.config to allow HTTP and to set the SSL requirement for cookies to false. The relevant entries in that file are:
  <!-- SYSTEM: If you want to use http for testing set AllowHttp=true. You must also set httpCookies requireSSL=false further down in this file (around line 226). Remember to set these back for production -->
  <add key="System.AllowHttp" value="true"/>
  and
  <httpCookies httpOnlyCookies="true" requireSSL="false" />
- Update the WLM DLL to our current version.
- Add a new string value named ConnectionAllowHttp with data 1 under the CredProv registry key (HKLM\software\surepassid\credprov).
- Add or change the HTTP binding in IIS for the mfa.yourdomain.com site so that it listens on the correct FQDN for your SPAS, i.e. http://mfa.yourdomain.com opens the site in a browser.
- Note that you may have to use Firefox or another browser that will allow HTTP instead of HTTPS.
- You may also want to temporarily change the HTTPS binding for the site so that it listens on a different FQDN, which ensures that our WLM is not reaching the SPAS over HTTPS while you confirm operation over HTTP.
With the above in place, you should be able to use a test machine with our WLM to connect and process the MFA for the test user over an HTTP connection.
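The steps above, scripted as an added PowerShell example (this is not SurePassID's own tooling). It assumes a web.config path and an IIS site name (change the parameter defaults to match your install), that ConnectionAllowHttp is a REG_SZ with data "1" (the "new string" from the step above), and that the CredProv registry key is edited on the Windows machine running WLM rather than on the SPAS server. Every function takes -Revert so the production values (AllowHttp false, requireSSL true, no HTTP binding, no ConnectionAllowHttp value) can be put back when testing is done.

```powershell
# Added example, not SurePassID's own tooling. Applies or reverts the
# HTTP-for-testing settings described above.
# Assumptions (not stated on the page): web.config path, IIS site name,
# REG_SZ "1" for ConnectionAllowHttp, CredProv key edited on the WLM client.

# --- SPAS server side ---------------------------------------------------------
function Set-SpasHttpTesting {
    param(
        [string]$WebConfig = 'C:\inetpub\wwwroot\SPAS\web.config',  # assumed path
        [string]$SiteName  = 'mfa.yourdomain.com',                   # assumed IIS site name
        [string]$HostName  = 'mfa.yourdomain.com',
        [switch]$ParkHttps,   # move the https binding to another FQDN while testing
        [switch]$Revert       # restore the production values
    )
    Import-Module WebAdministration
    $WebConfig = (Resolve-Path $WebConfig).Path

    # web.config: System.AllowHttp and httpCookies requireSSL. XPath is used so the
    # position of the elements in the file ("around line 226") does not matter.
    Copy-Item -Path $WebConfig -Destination "$WebConfig.bak-$(Get-Date -Format yyyyMMddHHmmss)"
    [xml]$cfg   = Get-Content -Path $WebConfig -Raw
    $allowNode  = $cfg.SelectSingleNode("//add[@key='System.AllowHttp']")
    $cookieNode = $cfg.SelectSingleNode('//httpCookies')
    if (-not $allowNode -or -not $cookieNode) {
        throw "System.AllowHttp or httpCookies element not found in $WebConfig"
    }
    $allowNode.SetAttribute('value',       $(if ($Revert) { 'false' } else { 'true' }))
    $cookieNode.SetAttribute('requireSSL', $(if ($Revert) { 'true' }  else { 'false' }))
    $cfg.Save($WebConfig)

    # IIS: ensure an http binding for the SPAS FQDN exists on port 80 (or remove it on -Revert).
    $httpBinding = Get-WebBinding -Name $SiteName -Protocol http |
        Where-Object { $_.bindingInformation -eq "*:80:$HostName" }
    if ($Revert) {
        if ($httpBinding) { Remove-WebBinding -Name $SiteName -Protocol http -Port 80 -HostHeader $HostName }
    } elseif (-not $httpBinding) {
        New-WebBinding -Name $SiteName -Protocol http -Port 80 -HostHeader $HostName
    }

    # Optional: point the https binding at a different FQDN so WLM cannot reach the
    # SPAS over https during the test; -Revert moves it back.
    if ($ParkHttps) {
        $parkedHost = "parked-$HostName"   # placeholder FQDN, pick your own
        $from = if ($Revert) { $parkedHost } else { $HostName }
        $to   = if ($Revert) { $HostName }   else { $parkedHost }
        Set-WebBinding -Name $SiteName -BindingInformation "*:443:$from" `
                       -PropertyName HostHeader -Value $to
    }
}

# Check that http://<FQDN>/ is served directly (200) rather than redirected to https.
function Test-SpasHttp {
    param([string]$HostName = 'mfa.yourdomain.com')
    try {
        $r = Invoke-WebRequest -Uri "http://$HostName/" -UseBasicParsing -MaximumRedirection 0
        return ($r.StatusCode -eq 200)
    } catch {
        $resp = $_.Exception.Response
        if ($resp) { Write-Warning "http://$HostName/ answered $([int]$resp.StatusCode), not 200" }
        return $false
    }
}

# --- WLM client side (the test machine with our WLM) --------------------------
function Set-WlmClientHttp {
    param([switch]$Revert)
    $key = 'HKLM:\SOFTWARE\surepassid\credprov'
    if ($Revert) {
        Remove-ItemProperty -Path $key -Name 'ConnectionAllowHttp' -ErrorAction SilentlyContinue
    } else {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # REG_SZ "1", matching the "new string" wording in the steps above
        New-ItemProperty -Path $key -Name 'ConnectionAllowHttp' -Value '1' -PropertyType String -Force | Out-Null
    }
}
```

Run Set-SpasHttpTesting (optionally with -ParkHttps) in an elevated session on the SPAS server, Set-WlmClientHttp in an elevated session on the test machine, then Test-SpasHttp from the test machine to confirm the site answers over HTTP before attempting the login. Updating the WLM DLL is a separate manual step not covered here. When testing is finished, run both functions again with -Revert; the web.config backup written before each change is kept alongside the file.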