function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
ErikGEnErikGEn 

SSO - Delegated Authentication

Hi

Anyone know the meaning of the login form fields ?
un => is the login yser name
pw => the password
startUrl ==> ???
LogoutUrl ==> where the logout in Salesforce will redirect (?)
ssoStartPage ==> ???
jse ==> ???
rememberUn ==> ????

Thanks
benjasikbenjasik
startUrl - URL where system will redirect to after successful login

ssoStartPage - Cookie that is set on successful login.  When a user is unathenticated and tries to access a SFDC page, the system will redirect to this page with the startURL, instead of the actual login page. This allows
 you to build an SSO solution that can take a user directly to a link without having to login, once they have successfully logged in using sso once

jse - javascript enabled

rememberUn - whether the login page should remember the username

The sample code should have code that sets jse.

Let us know if you have any other questions as you look to implement SSO  
ErikGEnErikGEn

Thanks for your explaination.

My dev SSO work fine, I did different test with the different patameter (startURl,logoutUrl,...).

I do not understand the parameter ssoStartPage.  could you give an example ?

when I try to simulate a scenario, nothing happen :(

Thanks

ChangzhaoChangzhao
ssoStartPage : the URL will be redirected after session timeout.
glorgeglorge
Which, if any, of these fields are supported by the Customer Portal login page?  
sumitasumita

Hi,

 

I'll be grateful if you help me.

the thing is that, we have implemented SSO for a client. but, when session timeout happens, it does not redirect to the intranet login page, neither any session timeout popup appears(unlike in normal salesforce working).

 

Please find the assertion below:

 

 

<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://login.salesforce.com/?saml=EK03Almz90RPX1sk0F3gL_UQYTUnDzlvpUFiii6CkZKlxbr67y7HYzOqcz" ID="_7eb309180a7ecca5e8aa585f28cbdfe39e6f" IssueInstant="2009-09-30T20:07:37Z" Version="2.0"> <ns1:Issuer xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">abc.com</ns1:Issuer> <Status> <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </Status> <ns2:Assertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_3a3d0167a97b60515d1e34a2d412ff271ac6" IssueInstant="2009-09-30T20:07:37Z" Version="2.0"> <ns2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">abc.com</ns2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> <ds:Reference URI="#_3a3d0167a97b60515d1e34a2d412ff271ac6" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">ex7zmBjvM0wMmImMJOIqFILJBlU=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> PX7j4coCVBymjz+tG/Xy+0IvgDYNU5/rfoOWFZecf3eKF5oXKUm1YBK/2uuHZ1nDb5AWb8zgLaF/ NpjLkJ5lfJmN+M2cyd0fgm4XGd2Eu+P/7mmG9+HYGrik/SCKWibQab8x3ZDCt5znDbQyakVTeE4o AtzxcHW/blGJ0mtqmyU= </ds:SignatureValue> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> MIIERzCCAy+gAwIBAgILAQAAAAABIX6aGX4wDQYJKoZIhvcNAQEFBQAwUDEXMBUGA1UEChMOQ3li ZXJ0cnVzdCBJbmMxNTAzBgNVBAMTLEN5YmVydHJ1c3QgU3VyZVNlcnZlciBTdGFuZGFyZCBWYWxp ZGF0aW9uIENBMB4XDTA5MDUyNjE5MzAyM1oXDTEyMDUyNjE5MzAyM1owgfExFzAVBgNVBAMTDlNB UyBGZWRlcmF0aW9uMRwwGgYDVQQEExNJZGVudGl0eSBGZWRlcmF0aW9uMSAwHgYDVQQqExdTQVMg RmVkZXJhdGlvbiBQcm92aWRlcjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkFaMRAwDgYDVQQHEwdQ aG9lbml4MRkwFwYDVQQKExBBbWVyaWNhbiBFeHByZXNzMSAwHgYDVQQLExdJbnRlci9JbnRyYW5l dCBTZWN1cml0eTEtMCsGCSqGSIb3DQEJARYedGVjaG5pY2FsLnNzby5zdXBwb3J0QGFleHAuY29t MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDig+SHwHzMj5bXwX/Zm3KXs0v0dnIrJhtr2PJS pYh2/gvvDIVRh4wInE2RaTM5bDNc4wg1WxuCa4BKpqtfGvzZpPpLl3GXRA+8QjxWqBbsHXpE/zD6 rC5BJbY5rkkgS7+KL+Lw8M4gJFzVBlHemusBKW+zO5Fs+viZnuFsDQIJowIDAQABo4IBAjCB/zAf BgNVHSMEGDAWgBTNOpafrm4PQFwcSPhLLbhxAeuJ2jA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8v Y3JsLm9tbmlyb290LmNvbS9TdXJlU2VydmVyRzIuY3JsMB0GA1UdDgQWBBSsICr0lE734pSba+oE iK9xYYgvujAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD AjBPBgNVHSAESDBGMEQGCSsGAQQBsT4BMjA3MDUGCCsGAQUFBwIBFilodHRwOi8vY3liZXJ0cnVz dC5vbW5pcm9vdC5jb20vcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUFAAOCAQEAbHHbrP1SM8TVosWi cOuihB1BzJexdfbFGJPoSWhpz3nRcVm+G/q3tUOuTZfRVDTUVlu2MT0PU8YDk4KSI29GMQwXuEhD p5KKA5f2sgBrYJHS1bx0n42SVRpN6bbascFkpe4I8bGkatRk6j+GBleFozFCNiZeex64meBNX68R vy+JtCTQVVxcZHj/I+aGw+ZknAeI0UL7J96xuE0IY6dcIK+36bWdE17Vsnxgwi39VijAbRBb41Zn Kvs5lSf94qWEE2ikIOKD4ZHTSFWpcnbYaoiDDSFZJZpTD0RsijQu4pcnVYsoQGDNIEO/6EFhFSQH RTW0sOo2ZbxeBpommEEDpg== </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <ns2:Subject> <ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">C1466791</ns2:NameID> <ns2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <ns2:SubjectConfirmationData NotOnOrAfter="2009-09-30T20:09:07Z" Recipient="https://login.salesforce.com/?saml=EK03Almz90RPX1sk0F3gL_UQYTUnDzlvpUFiii6CkZKlxbr67y7HYzOqcz"/> </ns2:SubjectConfirmation> </ns2:Subject> <ns2:Conditions NotBefore="2009-09-30T20:07:07Z" NotOnOrAfter="2009-09-30T20:09:07Z"> <ns2:AudienceRestriction> <ns2:Audience>salesforcetravel</ns2:Audience> </ns2:AudienceRestriction> <ns2:AudienceRestriction> <ns2:Audience>https://saml.salesforce.com</ns2:Audience> </ns2:AudienceRestriction> </ns2:Conditions> <ns2:AuthnStatement AuthnInstant="2009-09-30T20:07:36Z" SessionIndex="Q+pzvs+8Rr7Z6tlt8IIpmRVDFdY=zIabKw==" SessionNotOnOrAfter="2009-09-30T20:09:07Z"> <ns2:AuthnContext> <ns2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</ns2:AuthnContextClassRef> </ns2:AuthnContext> </ns2:AuthnStatement> <ns2:AttributeStatement> <ns2:Attribute Name="employeeid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <ns2:AttributeValue>C1466791</ns2:AttributeValue> </ns2:Attribute> <ns2:Attribute Name="ssoStartPage" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <ns2:AttributeValue>http://www.defweb.com/travelforcelogin</ns2:AttributeValue> </ns2:Attribute> <ns2:Attribute Name="logoutURL" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <ns2:AttributeValue>https://central101.intra.abc.com/portal/site/defweb/menuitem.daa2dd4f4649fd301aae0ff54c2bda49/&amp;level=1?epi-content=CMU&amp;cmu_page=10002295&amp;format=leftmidwithoutcolor&amp;leftnav=false</ns2:AttributeValue> </ns2:Attribute> </ns2:AttributeStatement> </ns2:Assertion> </Response>

 

 

Could you please help me so that salesforce redirects to the intranet login page.

Waiting in anticipation,

 

 

Thanks,

 

Sumit