Webservice http callout for assertion between two SF org using SSO
Hi,
I am trying to access one Salesforce org's records from another one using SSO. I have already built an SF org as Identity Provider (HUB) and another as Service Provider (Spoke). Now it is working fine for a few scenarios; for example, from the Service Provider's IdP-Initiated Login URL, I can redirect to the Service Provider without logging in. But I want to extract the Service Provider's records from my IdP using my Apex class. For this I have followed the way it was defined in the online doc, link:
http://na14.salesforce.com/help/doc/en/remoteaccess_oauth_web_sso_flow.htm
The class I have written in IdP is as follows:
global class OtherOrgController
{
    Webservice static String fetchFromOtherOrg()
    {
        String url = 'https://login.salesforce.com/services/oauth2/token';
        // Placeholder: the actual response value was not pasted here.
        String assertion = '<response code>';

        // Form-encode every parameter value; a raw base64 string contains '+', '/'
        // and '=' which would otherwise be mangled inside the urlencoded body.
        String body = '';
        body += 'grant_type=assertion';
        body += '&assertion_type=' + EncodingUtil.urlEncode('urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser', 'UTF-8');
        body += '&assertion=' + EncodingUtil.urlEncode(assertion, 'UTF-8');
        body += '&format=urlencoded';

        HttpRequest req1 = new HttpRequest();
        req1.setEndpoint(url);
        req1.setMethod('POST');
        req1.setTimeout(60 * 1000);
        req1.setBody(body);
        req1.setHeader('Content-Type', 'application/x-www-form-urlencoded');

        Http h1 = new Http();
        String resp1 = h1.send(req1).getBody();
        return resp1;
    }
}
Here in the assertion parameter, I have used the response ID I got from the SP's SAML Assertion Validator result. (Is this the right assertion?) Now whenever I call this method, it gives an error as follows:
error=invalid_grant&error_description=invalid%20assertion&error_uri=https%3A%2F%2Fna4.salesforce.comnull%2Fsetup%2Fsecur%2FSAMLValidationPage.apexp
Here I can't even understand why 'na4' is being involved when neither the SP nor the IdP belongs to na4.
Please help me out of this problem.
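As an added illustration (not part of the original post, and not Salesforce's own code), the snippet below builds the same token-request body offline and parses the urlencoded reply quoted above. It assumes, per the linked doc, that the assertion parameter carries the whole SAML Response document base64-encoded and then form-encoded, rather than only its ID; the SAML XML is a constructed stand-in.

```python
import base64
import urllib.parse

TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"
ASSERTION_TYPE = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser"

# Constructed stand-in for the SAML <Response> XML an IdP would return.
SAMPLE_SAML_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed-response-id" Version="2.0">'
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed-assertion-id"/></samlp:Response>'
)


def build_token_request_body(saml_response_xml: str) -> str:
    """Base64-encode the full SAML response, then form-encode all parameters.

    Form-encoding is what keeps '+', '/' and '=' from the base64 text intact
    inside an application/x-www-form-urlencoded POST body.
    """
    assertion = base64.b64encode(saml_response_xml.encode("utf-8")).decode("ascii")
    return urllib.parse.urlencode({
        "grant_type": "assertion",
        "assertion_type": ASSERTION_TYPE,
        "assertion": assertion,
        "format": "urlencoded",
    })


def decode_assertion_from_body(body: str) -> str:
    """Reverse of build_token_request_body, used to check the round trip."""
    params = urllib.parse.parse_qs(body, strict_parsing=True)
    return base64.b64decode(params["assertion"][0]).decode("utf-8")


def parse_token_response(body: str) -> dict:
    """Classify a format=urlencoded reply as a token or an OAuth error."""
    fields = dict(urllib.parse.parse_qsl(body, keep_blank_values=True))
    if "error" in fields:  # e.g. error=invalid_grant&error_description=...
        return {"ok": False, "error": fields["error"],
                "description": fields.get("error_description", ""),
                "error_uri": fields.get("error_uri", "")}
    if "access_token" in fields:
        return {"ok": True, "access_token": fields["access_token"],
                "instance_url": fields.get("instance_url", "")}
    raise ValueError("unrecognised token response: %r" % body[:80])
```

Running the error string from the post through parse_token_response() yields error 'invalid_grant' with description 'invalid assertion'.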