Well, I guess the only alternative then is to get HTTPS on the Xibo server itself going, using a proxy there. I'll look into that.
I would say though that protection against tampering and corruption is something that belongs in the TCP or SSL layers, not in the application itself, so an option to disable it would be quite reasonable from my point of view.
Anyway, thanks a lot for the time you've put into trying to solve this. Even though it looks like we aren't going to solve it, the effort is appreciated!
As for SAML (just saw your addition), I think we'll have to look into that. That's what this solution is built for though, the HAG acts both as reverse proxy and SAML IdP/SP, so I'm sure it works. I don't think I have used an internal resource server as SP though, so you might be right.