@adam glad you were able to find a workaround.
I am assuming this won't be an issue in production as the SAML callback will be HTTPS -> HTTPS and not HTTPS -> HTTP.
I'm not sure, would need to set up a test environment. If you have a support contract, feel free to open a support ticket for us to do more investigation.
You could also set up a local proxy to have fusionauth be served over HTTPS (examples here) or you could use ngrok or something similar for your testing.