asingh
SSO SSL understanding
Hi, I am very confused...
We are using code to communicate via SAML with Salesforce.
We are trying to be an IdP and I am confused on:
1. Do I create the cert / keys from Salesforce? If not, then I use a CA to create them, fine.
2. What is the FQDN or just domain name that should be used? x.salesforces.com ?? or my domain?
3. Do I upload the cert or private key to Salesforce? Then I will understand what I need on my side.
Thank you for help/understanding. These simple questions don't seem to be clear to me anywhere.
Thanks Scott. Hope you can answer this too. :)
Let me give you some more background.
Our dev team is building the IdP portion on our IIS webserver(s). They are building this using SAML code.
Enduser client > Load balancer > IIS webserver(s) > SSO > Salesforce/SP
So the dev team is saying they need the public cert and private key in order to digitally sign the request they send to Salesforce/SP, so Salesforce/SP knows it is us and trusted, as opposed to someone who is not trusted and has not digitally signed the request.
Now, as far as I understand via the handshaking process, what they are asking is not needed, but... I don't know 100%.
Any guidance would be great.
Thanks
Is this something Salesforce support will be able to answer for me?
Thanks
I'm sure they could help yes.
I think the question is easy enough though...
SAML messages are transported via the browser itself, not via SSL connection directly between your IIS server and SFDC. The SAML messages are carried as part of the HTTP payload. You don't require an SSL certificate on your end. However, you do need to digitally sign your Assertions at your IdP side. For this, any certificate will do - it could even be a self-signed one. You don't need to source it from a publicly trusted CA (such as VeriSign or Entrust).
You will import the public signing (verification) certificate in SSO configuration at SFDC. The private signing key should only be held by your application itself.
Hope that helps...
Scott
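
The key split described in the answer above, as an added example that is not part of the original thread: the IdP creates a self-signed signing certificate, keeps the private key, and the SP verifies with the certificate alone. It assumes the `openssl` CLI is installed; the file names, the CN and the sample assertion are constructed, and the raw signature over a file stands in for the XML signature a real SAML library produces.

```shell
#!/bin/sh
# Added example; file names, CN and the sample assertion are constructed.

# IdP side: create a self-signed signing certificate and its private key.
make_idp_signing_cert() {   # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=idp-saml-signing" \
        -keyout "$1/idp-signing.key" -out "$1/idp-signing.crt" 2>/dev/null &&
    chmod 600 "$1/idp-signing.key"   # private key never leaves the IdP
}

# IdP side: sign a message with the private key.
idp_sign() {                # $1 = private key, $2 = message, $3 = signature out
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# SP side: verify using only the uploaded certificate (no private key needed).
sp_verify() {               # $1 = certificate, $2 = message, $3 = signature
    pub=$(mktemp) || return 1
    openssl x509 -in "$1" -pubkey -noout > "$pub" &&
    openssl dgst -sha256 -verify "$pub" -signature "$3" "$2" >/dev/null 2>&1
    rc=$?
    rm -f "$pub"
    return $rc
}

demo() {
    d=$(mktemp -d) || return 1
    make_idp_signing_cert "$d" || return 1
    printf '<Assertion>user@example.com</Assertion>' > "$d/assertion.xml"
    idp_sign "$d/idp-signing.key" "$d/assertion.xml" "$d/assertion.sig" || return 1
    sp_verify "$d/idp-signing.crt" "$d/assertion.xml" "$d/assertion.sig" &&
        echo "SP accepts the signed assertion"
    # Any change to the signed content must make verification fail.
    printf 'tampered' >> "$d/assertion.xml"
    sp_verify "$d/idp-signing.crt" "$d/assertion.xml" "$d/assertion.sig" ||
        echo "SP rejects the modified assertion"
    rm -rf "$d"
}
demo
```

Only `idp-signing.crt` corresponds to what is imported into the SSO configuration; `idp-signing.key` stays with the IdP application.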