+ Start a Discussion

CNAME SSO for customer portal

We are working on whitelisting the customer portal. We want to do two things, use a custom CNAME for the portal and also use SSO to automatically log our customers into the portal.



I have both of these items working, but not together. I can sign users in via SAML SSO to the case portal (but the URL shows up as https://ssl.salesforce.com...) not our CNAME. I can also access the portal via the CNAME (but then they aren't authenticated).


According to http://wiki.developerforce.com/page/CRC:SSO#Use_Cases.2F_Scenarios_and_Appropriate_Solution_Options, both options are possible. My question is, can both be done at the same time?


The problem I'm noticing is when we set the SAML login URL to http://supportcases.domain.com, it won't sign in. I ran the SFDC SAML verfication query and got this as the result: 


However, when I change the login URL to https://ssl.salesforce.com, then it stays on the ssl.salesforce.com domain instead of my supportcases.domain.com CNAME.


Any ideas?


Thanks much!



You won't be able to use a custom URL with SSL. The problem is that the SSL negotiation takes place at a lower level than HTTP, and is based on the IP address rather than the server name header.