This page documents my experiments on how SAMP can be used from a Web Application served from an HTTPS, rather than HTTP, web page (I'm tentatively calling this the TLS Profile or tlsamp). This is not straightforward; see my presentations on the topic from Sydney, Edinburgh, Cape Town.

Below are some resources which give the results of my experiments to date, and some instructions on how you can try this out at home. In terms of functionality I believe it should work in the same way as the existing Web Profile, except (a) it will be slower (especially if you are far from the server) and (b) URL translation is not currently implemented, so you can't read data sent from desktop SAMP clients to TLS SAMP clients (most Web SAMP clients don't currently need to do that).

It's still not clear to me whether it makes sense to incorporate all this into a future version of the SAMP standard. That depends on input from other potential deployers of SAMP-from-HTTPS. If that's you, I'd like to know:

  1. Can you get it working?
  2. Do you want/need to use it?
  3. Do you want/need to read incoming URLs? (not currently working)

If you have input along these lines please contact me or discuss on the apps@ivoa.net or apps-samp@ivoa.net mailing list.

Or if all this sounds too complicated (which it is): you can look at sampload, a much dumber solution to part of the same problem.


HTTPS-capable hub:
Run java -jar tlshub.jar
HTTP examples:
HTTPS examples:
Deployable web application:
Description of the prototype protocol:
Prototype protocol implementation source code:

Try it out

1. Try the examples above

These are example web applications based on the experimental TLS profile deployed on my HTTP/HTTPS servers.

  1. Start the HTTPS-capable hub linked above (download and run the jar file); make sure you don't have any other hub running first
  2. Start some other SAMP-capable applications (e.g. TOPCAT)
  3. Point your browser at the HTTP examples and HTTPS examples links above. Try the example web apps in both HTTP and HTTPS versions. Do they work?

2. Deploy the examples servlet on your HTTPS site

For this you need to have a running servlet container (e.g. Tomcat) running from HTTPS (i.e. with a certificate). That's necessary because the TLS profile requires you to run a separate server component alongside the web application itself, in order to relay SAMP calls from the web app to the hub. It is possible to do that using a relay deployed on a different machine or using a standalone HTTPS server rather than a servlet container, but here I just document doing it from within the same servlet.

  1. Deploy the .war file listed above into your servlet container (fiddle with the web.xml file as required)
  2. Try out the examples as in the previous exercise, but this time pointing at the deployment on your HTTPS server.

3. Write your own HTTPS-capable web clients

  1. Take the content of the .war file, but add some example web applications of your own (.html files with suitable javascript). If you have one that already uses samp.js, you can just replace that with the tlsamp.js file above, and modify the connector setup like this:
          var connector = new samp.Connector(clientName, metaData);
          // This is the part that's required for use with HTTPS.
          // You need to set the connector profile property to an instance of
          // samp.TlsProfile, pointing to a hub relay XML-RPC server.
          // The value of relay here is the URL of the Relay servlet as
          // set up in the provided war file; adjust it if the relay has
          // a different URL.
          if (location.protocol === "https:") {
              var relay = baseUrl + "xmlrpc";
              connector.profile = new samp.TlsProfile(relay);
  2. Deploy it as before; the relay component has to be running.
  3. Point your browser at it and see if the SAMP functionality works.

Mark Taylor -- m.b.taylor@bristol.ac.uk
Git version: ba3678c (2019-09-19)