+ Start a Discussion

Secure Portal Login

I was sure that at some point, it was possible to use a secure site page (https://xxx.secure.force.com/sitename/) to login to the customer portal and remain encrypted. I can still use the secure site URL, however after logging in the user is redirected to the non-encrypted url (http://xxx.force.com/sitename/). 

The "workaround" I found is to change the site_login class to redirect the user the actual portal url including the username/password in the URL:


startUrl = 'https://na3.salesforce.com/secur/login_portal.jsp?'
   + 'orgId=00D50000000xxx&portalId=060500000000xxx'
   + '&un=' + username + '&pw=' + password;
retURL = new PageReference(startURL);


Though this is technically an encrypted URL, the result is different. For example, sharing a URL such as https://na3.salesforce.com/a1aW00000004D1R has a different result than sharing https://xxx.secure.force.com/sitename/a1aW00000004D1R. If a portal user clicks the first link they're taken to a standard Salesforce login page, however they'll be unable to login because their credentials are for a portal only.


Best Regards,