Hi,
I'm working on a project where we use an F5 device to offload SSL from an Apache HTTP that proxies to Liferay/Tomcat 6.2 EE. The F5 forces all communication between the client and the F5 to be SSL. All down-line communication to Apache and Liferay are http.

To get past a mixed content issue, where static files belonging to the theme and OOB portlets were being requested using http, but the page is forced SSL, I set web.server.protocol=https in portal-ext.properties

Unfortunately, we're also using a SAML 2.0 based IdP to provide SSO. With web.server.protocol=https set, the AuthN request is constructed by Liferay assuming communication to Liferay is https. In my case it is http. When the AuthN request is returned by the IdP, SAML2 complains that the URL requested does not match the URL in the assertion. The mismatch is https vs http.

If I set web.server.protocol=http it fixes the SSO URL mismatch issue, but then I'm back to the browser complaining about mixed content. Is there a setting for the SAML2 plugin that would allow the SAML AuthN request metadata to use http, while still using the web.server.protocol property set to https?