Setting Up a Self-Signed SSL Certificate

SSL/TLS is important for SSO. Without it, all the information that gets exchanged between the client and the server will be unencrypted and accessible to anyone connected to the same network. This even includes the password.

To prevent that, by default, IdPs only allow encrypted HTTPS connections. Some of them do allow communication to happen via an unencrypted HTTP channel in development mode, but not all of them do. Plus, this option forces us to apply development-specific code to our ...