Apex Code Development You need to sign in to do that
Don't have an account?
CompetitiveDad Delegated Authentication Question
Hi,
I need to use delegated authentication to enable single sign on (SS0) when going between an intranet application and SFDC.
I've read the basic How To, but it does not explain how to send credentials to SDFC, nor where to send them. I've done a search on here but couldn't find anything, only a post by someone who said they had found the information in the API and then didn't actually post the answer.
The sample from the API (gotosdfc.aspx) does a post to login.jsp and has some hidden fields but I've been unable to find out in the documentation where the names of these fields are described/explained, so I don't know the full list or what some of them mean (for instance there is no field in the sample for IP address yet this is one of the pieces of information sent back for authentication).
Can someone explain them or post a link to the API reference page where they are explained?
Also, I would like to write the Authenticate web service using WCF and WS-*. Is this supported?
Essentially we have very personal and private data flying down the wire and our tech governance people are unlikely to be fully happy with only transport level security with SSL, they will almost certainly want message level as well.
So, 1. what are the fields that I need to post and where are they described and where do I post them to, and 2. is WCF/wsHttpBinding supported, and if not is there a way for me to do message level security with SFDC.
TIA,
CD
I need to use delegated authentication to enable single sign on (SS0) when going between an intranet application and SFDC.
I've read the basic How To, but it does not explain how to send credentials to SDFC, nor where to send them. I've done a search on here but couldn't find anything, only a post by someone who said they had found the information in the API and then didn't actually post the answer.
The sample from the API (gotosdfc.aspx) does a post to login.jsp and has some hidden fields but I've been unable to find out in the documentation where the names of these fields are described/explained, so I don't know the full list or what some of them mean (for instance there is no field in the sample for IP address yet this is one of the pieces of information sent back for authentication).
Can someone explain them or post a link to the API reference page where they are explained?
Also, I would like to write the Authenticate web service using WCF and WS-*. Is this supported?
Essentially we have very personal and private data flying down the wire and our tech governance people are unlikely to be fully happy with only transport level security with SSL, they will almost certainly want message level as well.
So, 1. what are the fields that I need to post and where are they described and where do I post them to, and 2. is WCF/wsHttpBinding supported, and if not is there a way for me to do message level security with SFDC.
TIA,
CD
The IP Address is taken from the network socket, no need for it to b explictly passed.
We don't support WS-Security, you can use any toolkit you like to process the message as long as it can generate responses that conform to the schema.
We don't support WS-Sec because it provides nothing over using just SSL for single hop scenarios, and SSL is vastly more interoperable and robust.
Hi Tracey,
I blogged about how to do this here. We had to use basicHttpBinding and SSL in the end as SDFC does not support WS-Security.
Simon, whilst I understand your point about SSL being interoperable and robust, WS-Security is as well, that is the whole point of standards.
WS-Security allows for more than just HTTP access to services whilst SSL does not (WCF has support for many protocols out of the box). SSL encrypts only the transport not the message itself (or parts of the message as required) so it is not possible to check that a message has not been changed in transit using SSL only. Also, in your scenario you assume a single hop, but this may not be the case in all customer scenarios, and WS-Security allows you proper end-to-end security and when combined with other parts of the WS-* standards is considerably more robust and interoperable if the other systems also support the WS-* standards.
Anyway, Tracey hopefully the link should help you out.
Thx,
CD
Hi CD
Thanks for your blog link. Would it be possible if you could send me your code you used to implement this?
I have a tight deadline for a SSO project.
Thanks
Stephen
smoore10000@gmail.com
Hi,
I've now uploaded a sample service to my blog article so hopefully that should get people started.
My article is here.
Thx,
CD
Hey,
Here is a project with .Net code for SSO Login. It also includes an Outlook plugin. We have had this running for a few month. Enjoy!
SSO Source Code