
There are several configuration possibilities to enforce HTTP or HTTPS usage:


1. Parameter login/ticket_only_by_https - this is a system-wide setting that controls whether the Secure flag is set for ICF cookies. The same setting also determines the protocol used for URL generation (0 - HTTP, 1 - HTTPS).

Note that cookies with the Secure flag will only be transmitted via encrypted HTTPS and not via plain HTTP. This means that if the parameter login/ticket_only_by_https = 1 is set, then (most) applications will only work with HTTPS, and not with plain HTTP.

See also: https://wiki.scn.sap.com/wiki/display/ABAPConn/How+to+set+the+HttpOnly+and+Secure+cookie+attributes


2. The radio buttons Standard and SSL in the SICF detail view of the relevant service, on the tab Logon Data, section Security Requirement. The Standard setting allows both HTTP and HTTPS usage. The SSL setting allows HTTPS usage only - it depends on the application coding whether the service will switch to HTTPS or throw an error when called with plain HTTP.


3. The table HTTPURLLOC can be maintained with entries using the HTTP or HTTPS protocol. This table is used for URL generation (for example at transaction start), so its entries influence whether an HTTP or HTTPS URL is generated.

See also: https://wiki.scn.sap.com/wiki/display/ABAPConn/How+to+maintain+the+table+HTTPURLLOC


4. The ICF System Logon page has a configuration option to switch to HTTPS. Note that this setting is only relevant if the user logs on manually with the System Logon page; for other logon methods (e.g. different types of SSO) this setting is not considered.

See the KBA 1789344 for details.
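To verify the effect of login/ticket_only_by_https described under point 1, the Set-Cookie headers of a response can be audited for the Secure attribute. The following Python sketch is an added example, not SAP code: the cookie names and values are constructed sample data, and which cookies a given system actually emits is an assumption.

```python
# Added example. Cookie names and values are constructed sample data.

def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, attributes)."""
    first, *rest = [p.strip() for p in header_value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def cookies_missing_secure(set_cookie_headers):
    """Names of cookies set without the Secure attribute."""
    parsed = (parse_set_cookie(h) for h in set_cookie_headers)
    return [name for name, attrs in parsed if "secure" not in attrs]


def cookies_returned(scheme, set_cookie_headers):
    """Names of cookies a browser sends back on a request using `scheme`."""
    returned = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if "secure" in attrs and scheme != "https":
            continue  # Secure cookies are withheld from plain HTTP requests
        returned.append(name)
    return returned


# Constructed responses: parameter = 0 (no Secure flag) and = 1 (Secure flag set).
PARAM_0 = [
    "sap-usercontext=sap-client=001; path=/",
    "MYSAPSSO2=CONSTRUCTED_TICKET; path=/; HttpOnly",
]
PARAM_1 = [
    "sap-usercontext=sap-client=001; path=/; secure",
    "MYSAPSSO2=CONSTRUCTED_TICKET; path=/; secure; HttpOnly",
]

if __name__ == "__main__":
    for label, headers in (("0", PARAM_0), ("1", PARAM_1)):
        print("login/ticket_only_by_https =", label)
        print("  missing Secure:", cookies_missing_secure(headers))
        print("  sent over http:", cookies_returned("http", headers))
        print("  sent over https:", cookies_returned("https", headers))
```

With the Secure flag set, no cookie is returned on an HTTP request, which is why applications that depend on these cookies stop working over plain HTTP.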

