How to get SOAP API Session ID from SAML token
Hello,
Does anyone know how to get a session ID for the SOAP API from a SAML token? I haven't found much documentation beyond the brief mention of it here: https://login.salesforce.com/help/doc/en/remoteaccess_oauth_web_sso_flow.htm
I've gotten a valid SAML token from my local ADFS service, my Salesforce.com organization is configured for SSO and I can log in with SSO through the browser.
Here's what I have:
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("https://login.salesforce.com/services/oauth2/token?saml=EK03Almz90tebkf_LSfPhrv06c....");
request.Method = WebRequestMethods.Http.Post;
request.ContentType = "application/x-www-form-urlencoded";
request.KeepAlive = true;
request.Host = "login.salesforce.com";
request.UserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729; .NET CLR 3.0.30729)";
request.Accept = "image/jpeg, image/gif, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*";
string RequestBody = "grant_type=assertion"
    + "&assertion_type=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprofiles%3ASSO%3Abrowser"
    + "&assertion=PHNhbWxwOlJlc3BvbnNlIElEPS..."
    + "&format=xml";
When I submit this request, I get the error:
Error code: BadRequest <?xml version="1.0" encoding="UTF-8"?><OAuth><error_uri>https://na14.salesforce.comnull/setup/secur/SAMLValidationPage.apexp</error_uri><error>invalid_grant</error><error_description>invalid assertion</error_description></OAuth>
...though I've set the grant_type and assertion fields as called for in the documentation.
I appreciate any help on this!
I found the problem: the SAML token needs to be urlencoded before sending it in the request. On a client app it can be done this way:
strSAMLToken = Uri.EscapeDataString(strSAMLToken);
If you get the above error, it means Salesforce was able to parse the SAML token, and you can go into the Salesforce.com SSO Settings : SAML Validator screen and check the most recent SAML request status to see what the error was.
I hope this helps someone!
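Why the unescaped token breaks in a form body, as an added example that is not part of the original post: Base64 output can contain '+', '/' and '=', and form decoding turns a literal '+' into a space. ReadField is a hypothetical stand-in for the receiving side's form parsing, and the XML is a constructed sample, not a real SAML response.

```csharp
using System;
using System.Net;
using System.Text;

static class SamlAssertionEncodingDemo
{
    // Assertion type string as it appears (already percent-encoded) in the posts above.
    const string AssertionType =
        "urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprofiles%3ASSO%3Abrowser";

    // Builds the form body for the token request; escape=false reproduces the failing request.
    static string BuildBody(string base64Saml, bool escape)
    {
        string assertion = escape ? Uri.EscapeDataString(base64Saml) : base64Saml;
        return "grant_type=assertion"
             + "&assertion_type=" + AssertionType
             + "&assertion=" + assertion
             + "&format=xml";
    }

    // Hypothetical stand-in for the receiving side: standard form decoding of one field.
    static string ReadField(string body, string name)
    {
        foreach (string pair in body.Split('&'))
        {
            string[] kv = pair.Split(new[] { '=' }, 2); // split on the first '=' only
            if (kv.Length == 2 && kv[0] == name)
                return WebUtility.UrlDecode(kv[1]);     // a literal '+' decodes to a space
        }
        return null;
    }

    static void Main()
    {
        // Constructed sample, not a real SAML response.
        string xml = "<samlp:Response ID=\"_x\"><saml:Assertion>constructed</saml:Assertion></samlp:Response>";
        string b64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(xml));

        foreach (bool escape in new[] { false, true })
        {
            string received = ReadField(BuildBody(b64, escape), "assertion");
            Console.WriteLine("escaped={0} base64 contains '+'={1} survives form decoding={2}",
                escape, b64.Contains("+"), received == b64);
        }
    }
}
```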
I am implementing a client application that accesses Salesforce using SSO and OAuth on Android.
Your code helped me so much, so thank you, but I am now facing another problem. I succeeded in getting the session ID and access token, but the response comes with the needed data (the access token and ID are returned) one time, and other times (around 30 times) it fails (it says invalid assertion). I don't know why.
My code:
final HttpClient httpclient = new DefaultHttpClient();
final HttpPost post = new HttpPost("https://login.salesforce.com/services/oauth2/token");
post.setHeader("Content-Type", "application/x-www-form-urlencoded");
samlResponse = Uri.encode(samlResponse);
String RequestBody =
"grant_type=assertion&" +
"assertion_type=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprofiles%3ASSO%3Abrowser" +
"&assertion=" + samlResponse +
"&format=json";
post.setEntity(new StringEntity(RequestBody));
final HttpResponse response = httpclient.execute(post);
The response does not come back right every time. Can you help me?