For the second part of your question (about HTTPS), see this thread: SSO and SSL: tpa-saml - #3 by braden