+ Start a Discussion
gleebsgleebs 

Customer Portal registration SSL issue

 

I have a site attached to a customer portal.  Say www.mysite.com.  The site is setup to use http, not https.  I have a registration form on the site for new customers which creates a customer portal user.  The creation of the user works but the redirect after does not.

 

You are required to use the forceSSL attribute on the form tag, which is okay with me but that forces them to mysite.secure.force.com.

 

Now when people register, they get sent to mysite.secure.force.com and this mysteriously login screen that I don't have seem to have control over.

 

There is a thread about changing the SSL settings in the session settings and login settings for you site but that did not seem to do the trick because I still have to use the forceSSL attribute or the registration fails.

 

Here is what I would like to happen....

 

1.  User goes to http://www.mysite.com/register

2.  Fills out the form and submits to https://mysite.secure.force.com.

3.  User is then logged in to http://www.mysite.com

 

Is there anyway to make this happen?

 

TIA,

Brian

BulentBulent

what you described should work:

1- you have to use the forceSSL="true" so that registration/login form will be submitted securely

2- on the site login settings page check the use http after login check box so that system will revert back to http after the login

 

however, as you said url will stay https if an error happens on the form submission and there is no work around for that at this point.

RyanGuestRyanGuest

To add on to what Bulent said, I'd also suggest you customize your error pages. 

gleebsgleebs

Thanks for the reply.

 

I don't seem to see a "Use http after login" setting on the Site's login settings page.

 

Are you referring to the "Require Non-Secure Connections (HTTP)"?

 

My site has that checked.  Also, as far as I can tell there are no errors happening.  The user is created successfully.  It just doesn't redirect back to http as desired.

 

Thanks again,

Brian

BulentBulent

>Are you referring to the "Require Non-Secure Connections (HTTP)"?

yes.

 

can you post your site url? I can take a look at the setup 

gleebsgleebs

I probably should give you more info :)

 

It's the reg on the left of the homepage.

 

Relevant code is ....

 

        userId = Site.createPortalUser(u, accountId, password);

        if (userId != null) {
            return Site.login(username, password, accessPoint);
        }

 

Thanks

BulentBulent

login worked fine for me. As you know login and registration for is submitted securely (forceSSL=true) and system after successful login changes the url back to http based on the login settings.

 

However, you have the issue with the registration. You are passing a fully qualified url as your startURL, it can only be a relative url

gleebsgleebs

 

Thanks again.

 

The login has always worked properly.  It's the registration that won't redirect correctly.

 

I changed the startURL to a hard coded relative url.  The issue is still there.  What's weird is that the URL it is redirecting to has a parameter of the fully qualified url.  I did a search through all my code.  No where am I using that url.  I also thumbed through the settings of the site and customer portal and don't see a setting for a redirect url anywhere (I wouldn't expect there to be either).

 

Any ideas?

Brian

BulentBulent

in your RegistrationController can you try this?

 

 return Site.login(username, password, '/RFQList');

 instead of this

 return Site.login(username, password, '/RFQList?sfdc.tabName=01rA00000004hwd');

 

 

BulentBulent

strange. Login with starturl works but registration and login with startURL doesn't work. I can replicate this in my demo org.

 

I'll investigate this.

gleebsgleebs

Thanks for looking at this.  Can you think of any work arounds?  This site is supposed to launch this week and this issue is holding us up.

 

I've tried everything I can think of and it redirects to this page no matter what I try.

 

Much appreciated?

Brian

gleebsgleebs

From what I've read, It's not possible to have your custom domain entirely on SSL.  For example, https://www.mysite.com.  Is this correct?

gleebsgleebs

Bump...

 

Has anyone run into this?  I now have a second site where this is a problem.  Thanks for any help.