function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Rest API IntegrationRest API Integration 

Salesforce & OpenAM(OpenSSO ) integration problem

Hi,

I am doing integration of SalesForce and OpenSSO with SAML.

I have implemented steps mentioned in

http://wiki.developerforce.com/page/Single_Sign-On_with_SAML_on_Force.com site.

    There are two important use cases for SAML –

           1. Identity Provider Initiated Login,

                             where a user starts directly at their identity provider, logs in, and is then redirected to a landing page at the service provider;

                            This case working fine 

            2. Service Provider Initiated Login,

                            where a user starts by clicking a link to the the service provider (e.g. a bookmark, mailed link, etc.) and temporarily redirected to the identity provider for authentication, then returned to the link they initially requested.

 

I am trying to implement 2nd Scenario : I am performing following steps

           1. created my domain in SalesForce and deployed for Users

           2. Added Identity Provider in Single Sign-On Settings

           3. When I access My Domain URL. It redirect me to Identity provider login page.

           4. After login to IDP it won’t redirect back to SalesForce page. It shows IDP success page.

 

How should I redirect back to SalesForce success page?

Best Answer chosen by Admin (Salesforce Developers) 
Rest API IntegrationRest API Integration

Thanks for your input.

Yes I did configuration already with this but no success.

 

However I get confused in following section

Advice for Deploying Applications

  

  • Confirm that SP-initiated SAML is working properly. Often deployments may have difficulty properly propagating the 'RelayState' parameter through a SAML Request and Response. While this is a standards based approach, you should verify that you are using the specific endpoints with your IdP for SP-initiated SAML, that the 'RelayState' parameter's URL encoding is properly maintained, and that the exact value that is sent to the IdP is echoed back to Force.com. The returned value must match what is sent *exactly*.

i checked parameters with live Http Header. both are same. difference only is in IDP section it is normal URL . and in SP initiated URL its encoded so does it going to make an problem.

 

 Whats your opinion ?

 

 

 

All Answers

BobbyCBobbyC

Did you see this? Does it help?

http://wiki.developerforce.com/page/Single_Sign-On_for_Desktop_and_Mobile_Applications_using_SAML_and_OAuth
Rest API IntegrationRest API Integration

Thanks for your input.

Yes I did configuration already with this but no success.

 

However I get confused in following section

Advice for Deploying Applications

  

  • Confirm that SP-initiated SAML is working properly. Often deployments may have difficulty properly propagating the 'RelayState' parameter through a SAML Request and Response. While this is a standards based approach, you should verify that you are using the specific endpoints with your IdP for SP-initiated SAML, that the 'RelayState' parameter's URL encoding is properly maintained, and that the exact value that is sent to the IdP is echoed back to Force.com. The returned value must match what is sent *exactly*.

i checked parameters with live Http Header. both are same. difference only is in IDP section it is normal URL . and in SP initiated URL its encoded so does it going to make an problem.

 

 Whats your opinion ?

 

 

 


This was selected as the best answer