ping federate: SSO over http - Page Expired

I had PingFederate server IdP-initiated SSO configured to use HTTPS. After switching to HTTP (Server settings/My base URL) I started receiving Page Expired error from Ping.

Do you have an idea why?

Thanks

Solution

PingFederate uses the combination of a nonce inserted into the resume URL and the value of a cookie (PF) set with the initial response to store the user state while trying to authenticate the user. (Ping Identity Knowledge-base Article)

By default the PF cookie is set with a secure flag, meaning that the browser won't send it to non-HTTPS resources. This setting can be changed by editing the /server/default/data/config-store/session-cookie-config.xml file and setting the cookie-secure-flag to false. This would require PingFederate to be restarted.

Ping Federate Settings to configure authorization code grant flow using Postman
Local user accounts not created properly in Azure AD B2C
spring-boot-starter-oauth2-client not sending client_id to external SSO
Unable to lookup idp connection metadata for entityid='http://sp.example.com/sp'
PingFederate Sample IdP and SP Applications
PingFederate : Could not obtain attributes from the IdP Authentication Service
How to get SAML Response from Ping Federate Service provider to local server?
What is the correct OAuth2 flow to use where user is already authenticated
how to use azure ad to spring boot auth 2.0 application?
Bulk insert in PingDirectotry
Integrate a .net core solution with PingID
Encode my access token (JWT) with my own key value pair - Android
Meet "INTERNAL ERROR: Please contact your support." when configure SAML web SSO on WebSphere Application server
Spring to Ping: how to configure Spring Rest Service to use External Authorization Server PingFederate
Authenticate Angular Application to Web Api with Existing SSO using Ping Federate
Securing Web API with Open ID Connect Access Token
PingFederate use ognl expression to get security group
Difference between jwt-bearer and token-exchange grant types
OIDC - Obtaining an Identity Token for use by a backend (no actual user) service running scheduled jobs
Using Pingfederate as an SP and Okta as IDP
A valid SubjectConfirmation was not found on this Response, laravel and saml2
How to Configure SSO With Oracle Smartview Using Okta Or Pingfederate?
Redirect from CAS(PingFederate) in an OAuth auth code grant flow creating a new session on the OAuth client
Angular Get http response header without any WebAPI call?
Is it possible to create an Authentication Policy using the PingFederate Admin API?
What is the proper way to handle key-secured API operations with a React front-end?
Pingfederate kerberos authentication is authenticating any user from any domain
When authenticating to Sharepoint online with PingFederate SSO, what should "PARTNER SERVICE IDENTIFIER" be set to?
TransactionalStateSupport doesn't save variables
Passing RelayState between PingFederate(IDP) OpenAM (SP) with Sp-initiated sso