Mattias

Single Sign-On Gateway URL error using SSL

Hi,

We have developed a Single Sign-On Gateway URL web service using Java Axis, with stubs generated from the WSDL you provide on Salesforce. I have no problems running this using HTTP. When I turn on HTTPS, it says that the authentication service is down. I use a trusted real cert from Thawte.

Single Sign-On Gateway URLs set for my demo company:
HTTP: http://www.nordicedge.se:82/salesforce/services/AuthenticationService

HTTPS: https://www.nordicedge.se:9443/salesforce/services/AuthenticationService

Both URLs use the same web service and are accessible from the Internet. Any ideas? Do I need to change something in the web service itself to support HTTPS? I earlier used a self-signed cert; could that be cached somehow on Salesforce? Is it the port numbers?

Regards Mattias
Superfell
What's the error reported in the single sign-on error log (under Setup -> User Management)?
Mattias
Hi,

The error is: (403)Forbidden

But I have no problem just accessing this webservice with a normal browser.

Regards Mattias
Superfell
Do a test that actually POSTs a request to it. This is pretty easy with curl: http://curl.haxx.se/

Put this XML in a file (call it sso.xml):

<soap:Envelope xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'>
 <soap:Body>
  <Authenticate xmlns='urn:authentication.soap.sforce.com'>
    <username>string</username>
    <password>string</password>
    <sourceIp>127.0.0.1</sourceIp>
  </Authenticate>
 </soap:Body>
</soap:Envelope>

Then do:
curl -d @sso.xml -H 'SOAPAction: " "' -H "Content-Type: text/xml" https://www.nordicedge.se:9443/salesforce/services/AuthenticationService
Superfell
Also, do you have any IP-based restrictions set up?
Mattias
Hi,

Thanks for the answer.

I created the sso.xml file and ran:

curl -d @/data/doc/customers/Salesforce/sso.xml -H "SOAPAction:Authenticate " -H "Content-Type:text/xml" https://www.nordicedge.se:9443/salesforce/services/AuthenticationService

And the response was:
<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><AuthenticateResult xmlns="urn:authentication.soap.sforce.com"><Authenticated>true</Authenticated></AuthenticateResult></soapenv:Body></soapenv:Envelope>mandersson@mandersson:~>

Which indicates that everything was ok. Can you run the curl line above and see if you get the same result?

My sso.xml is:
<soap:Envelope xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'>
 <soap:Body>
  <Authenticate xmlns='urn:authentication.soap.sforce.com'>
    <username>testuser1@wtr918.com</username>
    <password>debug:1234</password>
    <sourceIp>127.0.0.1</sourceIp>
  </Authenticate>
 </soap:Body>
</soap:Envelope>

Also, no IP restrictions that I'm aware of...

Regards Mattias
benjasik
Pretty sure we only support 80 and 443 as outbound ports. Try to use the standard 443 for SSL.
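An added example, not part of the original thread: a Python version of the curl test above that builds the Authenticate request, reads the Authenticated flag from a reply, and flags gateway URLs whose port is outside the 80/443 mentioned in the reply above. The function names, the EXPECTED_PORTS set and the constructed sample response are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
AUTH_NS = "urn:authentication.soap.sforce.com"
# Assumption taken from the reply above: only 80 and 443 are reachable outbound.
EXPECTED_PORTS = {80, 443}

# Constructed sample, shaped like the response quoted earlier in the thread.
SAMPLE_OK = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>'
    f'<AuthenticateResult xmlns="{AUTH_NS}"><Authenticated>true</Authenticated>'
    '</AuthenticateResult></soapenv:Body></soapenv:Envelope>'
)

def gateway_port(url):
    """Return (effective_port, is_expected) for a gateway URL."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return port, port in EXPECTED_PORTS

def build_authenticate(username, password, source_ip):
    """Build the Authenticate envelope, escaping XML metacharacters in values."""
    fields = {"username": username, "password": password, "sourceIp": source_ip}
    body = "".join(f"<{k}>{escape(v)}</{k}>" for k, v in fields.items())
    return (f"<soap:Envelope xmlns:soap='{SOAP_NS}'><soap:Body>"
            f"<Authenticate xmlns='{AUTH_NS}'>{body}</Authenticate>"
            "</soap:Body></soap:Envelope>")

def parse_authenticated(response_xml):
    """True only for <Authenticated>true</Authenticated>; faults, missing
    elements and malformed XML all count as a failed login."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return False
    path = f"{{{SOAP_NS}}}Body/{{{AUTH_NS}}}AuthenticateResult/{{{AUTH_NS}}}Authenticated"
    node = root.find(path)
    return node is not None and (node.text or "").strip() == "true"

if __name__ == "__main__":
    url = "https://www.nordicedge.se:9443/salesforce/services/AuthenticationService"
    print(gateway_port(url), parse_authenticated(SAMPLE_OK))
```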
Mattias
Hi,

Thanks for your answer. I figured it might have to do with the ports, but I actually use port 82 for HTTP and that works just fine. I will try with 443 as soon as I get the cert for the real DNS name. Just using test URLs right now.

Could try using 82 as the SSL port just to see if 82 works but 9443 does not.... I'll be back....

Regards Mattias
ksherry49
Is there a document that describes how to set up an SSO gateway with Salesforce.com?

I have several resources (software downloads, white papers, etc.) on my website that have restricted access. I'd like to leverage Salesforce.com as the main repository for access levels and user management.

For example, if a partner wants to download marketing material, they would have to provide a valid username and password in order to gain access to the resource.

My plan is to have the username and password passed to Salesforce.com to authenticate the user. If the user is authenticated successfully then its credentials are passed on to the external web site to enable access to other resources (e.g. software downloads, etc.).


Thanks,
Keith

benjasik
There are docs; you need to log a case to get them.