+ Start a Discussion
Suman KunduSuman Kundu 

Webservice http callout for assertion between two SF org using SSO



I am trying to access one salesforce org's records from another one using SSO. I have already built a sF org as Identity Provider (HUB) and other as service provider(Spoke). Now it is working fine for few scenarios, like from service provider's IdP-Initiated Login URL, I can redirect to service provider without login. But I want to extract  Service Provider's records from my IdP using my apex class. For this I have followed the way it was defined in online doc, link:



The class I have written in IdP is as follows:

global class OtherOrgController
    Webservice static String fetchFromOtherOrg()
        String url = 'https://login.salesforce.com/services/oauth2/token';
        String body = '';
        body += 'grant_type=assertion';
        body += '&assertion_type=urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser';
        body += '&assertion=<response code>'; //here i didn't paste actual response id
        body += '&format=urlencoded';
        HttpRequest req1 = new HttpRequest();
        Http h1 = new Http();
        String resp1 = h1.send(req1).getBody();
        return resp1;

Here in the assertion parameter, I have used the response id got from SP's SAML Assertion Validator's result. (Is this assertion right one?). Now when ever I call this method, it gives error as follows:


Here I can't even understand why 'na4' is being involved when none of SP and IdP belong to na4.


Please help me out of this problem.