function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
edsheppaedsheppa 

Authenticating Salesforce users from an external service.

My Salesforce app calls out to my own external web service. The documentation says to use the user ID and session ID to authenticate and identify users from an external service. Specifically, you're supposed to put the user and session IDs in the web request then have your service call back through the Force.com API to check that the user has an active session and has been authenticated.

 

I get the idea but there is no example or further explanation. HOW is that done with the API? WHAT API methods are used?

JK__JK__

Is your web service using the Salesforce API or are you just calling your website from Salesforce?

 

Unless your web service needs to connect back to Salesforce, then there is no reason to do any authentication.
edsheppaedsheppa

I'm calling out of Salesforce, but I do need to authenticate the access to my service. I want to piggyback on the Salesforce authentication and the documentation says it is possible. I just don't know  how.
JK__JK__
Pass the sessionID to your webservice and have it call getUserInfo(). If the call succeeds then the session is valid. From the result you can get the user's Id and email and perform whatever checks you wish on your end. If you feel adventurous you could setup SSL authentication; search for Using Certificates.
edsheppaedsheppa

Thanks. For those who follow after, here's a wiki article that talks about this: http://wiki.developerforce.com/index.php/Single_Si​gn_On_for_Composite_Apps.

 

Having to get the callback server URL from Visualforce is hacky. Seems like triggers and batch jobs will be sol. is there some way to get it directly in Apex?