Apex Code Development You need to sign in to do that
Don't have an account?
Longhorn94 How to get SOAP API Session ID from SAML token
Hello,
Does anyone know how to get a session ID for the SOAP API from a SAML token? I haven't found much documentation beyond the brief mention of it here: https://login.salesforce.com/help/doc/en/remoteaccess_oauth_web_sso_flow.htm
I've gotten a valid SAML token from my local ADFS service, my Salesforce.com organization is configured for SSO and I can log in with SSO through the browser.
Here's what I have
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("https://login.salesforce.com/services/oauth2/token?saml=EK03Almz90tebkf_LSfPhrv06c....");
request.Method = WebRequestMethods.Http.Post;
request.ContentType = "application/x-www-form-urlencoded";
request.KeepAlive = true;
request.Host = "login.salesforce.com";
request.UserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729)";
request.Accept = "image/jpeg, image/gif, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*";
string RequestBody =
"grant_type=assertion" +
"&assertion_type=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprofiles%3ASSO%3Abrowser" +
"&assertion=PHNhbWxwOlJlc3BvbnNlIElEPS..." +
"&format=xml";When I submit this request, I get the error:
Error code: BadRequest <?xml version="1.0" encoding="UTF-8"?><OAuth><error_uri>https://na14.salesforce.comnull/setup/secur/SAMLValidationPage.apexp</error_uri><error>invalid_grant</error><error_description>invalid assertion</error_description></OAuth>
...though I've set the grant_type and assertion fields as called for in the documentation.
I appreciate any help on this!
I found the problem: the SAML token needs to be urlencoded before sending it in the request. On a client app it can be done this way:
strSAMLToken = Uri.EscapeDataString(strSAMLToken);
If you get the above error, it means Salesforce was able to parse the the SAML token, and you can go into the Salesforce.com SSO Settings : SAML Validator screen and check the most recent SAML request status to see what the error was.
I hope this helps someone!
All Answers
I found the problem: the SAML token needs to be urlencoded before sending it in the request. On a client app it can be done this way:
strSAMLToken = Uri.EscapeDataString(strSAMLToken);
If you get the above error, it means Salesforce was able to parse the the SAML token, and you can go into the Salesforce.com SSO Settings : SAML Validator screen and check the most recent SAML request status to see what the error was.
I hope this helps someone!
i am implementing client application that access sales force using SSO and Outh on android,
your code help me so much so thank you, but i am now facing another problem , i success to get the session id and access token , but the response come with data needed (the access token and id are returned ) one time and other times (around 30 times) it fail (it say invalid assertion, i don't know why
my code:
final HttpClient httpclient = new DefaultHttpClient();
final HttpPost post = new HttpPost("https://login.salesforce.com/services/oauth2/token");
post.setHeader("Content-Type", "application/x-www-form-urlencoded");
samlResponse = Uri.encode(samlResponse);
String RequestBody =
"grant_type=assertion&" +
"assertion_type=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprofiles%3ASSO%3Abrowser" +
"&assertion=" + samlResponse +
"&format=json";
post.setEntity(new StringEntity(RequestBody));
final HttpResponse response = httpclient.execute(post);
not every time the response come right, can you help me?