I had the same scenario: I needed SSL to be able to debug authentication against an external SAML provider.
What I did was not using the PHP built-in webserver, but a full Apache server on the side. That works with XDebug too, if configured right, just like with the PHP built-in webserver. As far as I know, the PHP built-in webserver cannot use SSL.