Delegated Authentication (SSO)

I need to use delegated authentication to enable single sign-on (SSO) when going between our server in the DMZ and SFDC.
  1. How will the secure channel be established between SFDC and our DMZ server? (We propose a VPN solution.)
  2. If it is through HTTPS, let us know what needs to be done from our side.
  3. As per our policy, we will not publish our server to the outside world. (NATing)
  4. Does a trusted certificate have to be applied on our server? Who will provide us the trusted certificate?
  5. As per the architecture of SFDC, there are load balancers placed in front of the servers, so why is it required to whitelist the mentioned range of 512 IPs in the firewall?
Please let us know about the mentioned concerns so that we have the best solution and secure connectivity.

Brian Soby

1 & 2.  You supply the URL so you have the option of using SSL (recommended).  VPN tunnels are not supported for this connection.

3. NAT is fine as long as there is a VIP or external port that will redirect to the service providing the delegated auth response

4. If you use SSL, you should have the certificate signed by one of the trusted CAs.   http://wiki.developerforce.com/index.php/Outbound_Messaging_SSL_CA_Certificates

5.  You may be confusing inbound load balancing with clustering.  Outbound callouts do not come from the same VIPs that handle inbound requests and can come from one of many servers or intermediate systems such as proxies.
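As an added example (not code from this thread or from Salesforce), here is a minimal DMZ-side handler for the delegated authentication callout Brian describes: it accepts the request only from the published callout ranges (points 3 and 5) and then answers the SOAP `Authenticate` request. The WSDL namespace and element names are assumed, the IP ranges and user entry are constructed placeholders, and `demo_verify` is a hypothetical stand-in for the real credential check.

```python
import hmac
import ipaddress
import xml.etree.ElementTree as ET

# Assumed WSDL namespace; the ranges and users below are constructed placeholders,
# standing in for the published Salesforce callout ranges and the DMZ identity store.
NS = "urn:authentication.soap.sforce.com"
ALLOWED_CALLOUT_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/23", "203.0.113.0/24")]
DEMO_USERS = {"alice@example.com": "correct horse battery staple"}

# Constructed sample of an Authenticate request as Salesforce would POST it over HTTPS.
SAMPLE_REQUEST = (
    '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"'
    f' xmlns:urn="{NS}"><soapenv:Body><urn:Authenticate>'
    "<urn:username>alice@example.com</urn:username>"
    "<urn:password>correct horse battery staple</urn:password>"
    "<urn:sourceIp>192.0.2.55</urn:sourceIp></urn:Authenticate></soapenv:Body></soapenv:Envelope>"
).encode()

def peer_allowed(peer_ip: str) -> bool:
    """Point 5: the callout may come from any host in the published ranges, not one VIP."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in ALLOWED_CALLOUT_RANGES)

def parse_authenticate(body: bytes) -> dict:
    """Extract the fields; sourceIp is the end user's address as seen by Salesforce, not the peer's."""
    req = ET.fromstring(body).find(f".//{{{NS}}}Authenticate")
    if req is None:
        raise ValueError("not an Authenticate request")
    return {tag: req.findtext(f"{{{NS}}}{tag}") or "" for tag in ("username", "password", "sourceIp")}

def demo_verify(username: str, password: str) -> bool:
    """Hypothetical stand-in for the real credential check, with a constant-time compare."""
    expected = DEMO_USERS.get(username, "")
    return bool(expected) and hmac.compare_digest(expected.encode(), password.encode())

def handle(peer_ip: str, body: bytes) -> tuple[int, str]:
    """Return (HTTP status, SOAP body) for one delegated authentication callout."""
    if not peer_allowed(peer_ip):
        return 403, ""  # outside the published ranges: refuse before touching credentials
    try:
        creds = parse_authenticate(body)
    except (ET.ParseError, ValueError):
        return 400, ""
    ok = demo_verify(creds["username"], creds["password"])
    return 200, ('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
                 f'<soapenv:Body><AuthenticateResult xmlns="{NS}"><Authenticated>'
                 f'{"true" if ok else "false"}</Authenticated></AuthenticateResult>'
                 "</soapenv:Body></soapenv:Envelope>")
```

In a real deployment the peer address comes from the TLS-terminating listener (or the VIP that forwards to it, per point 3), and the server presents a certificate from a CA on the list Brian links.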