+ Start a Discussion
Longhorn94Longhorn94 

How to get SOAP API Session ID from SAML token

Hello,

 

Does anyone know how to get a session ID for the SOAP API from a SAML token?  I haven't found much documentation beyond the brief mention of it here: https://login.salesforce.com/help/doc/en/remoteaccess_oauth_web_sso_flow.htm

 

I've gotten a valid SAML token from my local ADFS service, my Salesforce.com organization is configured for SSO and I can log in with SSO through the browser.

 

Here's what I have

HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("https://login.salesforce.com/services/oauth2/token?saml=EK03Almz90tebkf_LSfPhrv06c....");
request.Method = WebRequestMethods.Http.Post;
request.ContentType = "application/x-www-form-urlencoded";
request.KeepAlive = true;
request.Host = "login.salesforce.com";
request.UserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729)";
request.Accept = "image/jpeg, image/gif, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*";

string RequestBody =
    "grant_type=assertion" +
    "&assertion_type=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprofiles%3ASSO%3Abrowser" +
    "&assertion=PHNhbWxwOlJlc3BvbnNlIElEPS..." +
    "&format=xml";

 When I submit this request, I get the error:

 

Error code: BadRequest  <?xml version="1.0" encoding="UTF-8"?><OAuth><error_uri>https://na14.salesforce.comnull/setup/secur/SAMLValidationPage.apexp</error_uri><error>invalid_grant</error><error_description>invalid assertion</error_description></OAuth>

 

...though I've set the grant_type and assertion fields as called for in the documentation.

 

I appreciate any help on this!

 

Best Answer chosen by Admin (Salesforce Developers) 
Longhorn94Longhorn94

I found the problem: the SAML token needs to be urlencoded before sending it in the request.  On a client app it can be done this way:

 

strSAMLToken = Uri.EscapeDataString(strSAMLToken);

 

If you get the above error, it means Salesforce was able to parse the the SAML token, and you can go into the Salesforce.com SSO Settings : SAML Validator screen and check the most recent SAML request status to see what the error was.

 

I hope this helps someone!

 

All Answers

Longhorn94Longhorn94

I found the problem: the SAML token needs to be urlencoded before sending it in the request.  On a client app it can be done this way:

 

strSAMLToken = Uri.EscapeDataString(strSAMLToken);

 

If you get the above error, it means Salesforce was able to parse the the SAML token, and you can go into the Salesforce.com SSO Settings : SAML Validator screen and check the most recent SAML request status to see what the error was.

 

I hope this helps someone!

 

This was selected as the best answer
Omnia88Omnia88

i am implementing client application that access sales force using SSO and Outh on android,

 

your code help me so much so thank you, but i am now facing another problem ,  i success to get the session id and access token , but the response come with data needed (the access token and id are returned ) one time and other times (around 30 times) it fail (it say invalid assertion, i don't know why

 

 

 

my code:

 

final HttpClient httpclient = new DefaultHttpClient();
                final HttpPost post = new HttpPost("https://login.salesforce.com/services/oauth2/token");

                post.setHeader("Content-Type", "application/x-www-form-urlencoded");
               
                samlResponse = Uri.encode(samlResponse);
                String RequestBody =
                        "grant_type=assertion&" +
                        "assertion_type=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprofiles%3ASSO%3Abrowser" +
                        "&assertion=" + samlResponse +
                        "&format=json";
                
                post.setEntity(new StringEntity(RequestBody));

                final HttpResponse response = httpclient.execute(post);

 

not every time the response come right,  can you help me?