You need to sign in to do that
Don't have an account?
Mobile security problem
We're using OpenAM as our IDP, have SSO and OpenAM turned on for Salesforce. All is working well until we get to the mobile application. I go into settings, set the mobile app for custom host, input our "My domain" url as the hostname and click the "log off now" slider button. When I go into the app, I get the OpenAM login screen (so far, so good), input the username and password into OpenAM and get redirected to a full web page in my sandbox with the message
Unable to Access Page
Required parameter "oauth_consumer_key" not defined.
Error: The value of the parameter specified above contains a character that is not allowed or the value exceeds the maximum allowed length. Remove the character from the parameter value or reduce the value length and re-submit. If the error still persists, please report it to our Customer Support team and provide the URL of the page you were requesting as well as any other related information.
I AM signed onto my sandbox however. I can click around and see the regular web pages.
If I close the app and open it again, I get the OAuth approve/deny screen and then get the regular mobile app screens.
I've checked OpenAM and it not sending a parm called oauth_consumer_key.
Has anybody run into this before, and does anyone have any suggested solutions?
Thanks!
Rose
Are your setup to support SP Initiated SAML, and are your reflecting back the RelayState parameter which we sent you?
Yes to SP initiated SAML. I will put some logging into OpenAM to check on the RelayState parameter. My guess is no. :-)
Let me know what you find - that could be it.
Easiest way to test is to try a deeplink in your browser and see if you land at the right place
I am getting same error when working with chatter. I have tested the deep link on browser succcessfully.
My guess is that you're not echo'ing the RelayState properly. The exact same value must come back as was sent. Your symptoms sound like you might be dropping http parameters from the URL on your side...probably due to some URL encoding issues.
Here's a whitepaper that might help you as well
http://wiki.developerforce.com/index.php/Single_Sign-On_for_Desktop_and_Mobile_Applications_using_SAML_and_OAuth
Hi Chuck, Updating on behalf of Tarakkumar.
I note in Chatter the following is the initial RelayState value sent to our IDP RelayState=/setup/secur/RemoteAccessAuthorizationPage.apexp?display=touchAnd
the following retURL is provided to SFDC retURL=%2Fsetup%2Fsecur%2FRemoteAccessAuthorizationPage.apexp%3Fdisplay%3Dtouch
Therefore these look similar apart from the fact that the return URL does contain URL encoding.
For accessing SFDC Web Front end via a bookmarked web URL accessing object /001/o Our IDP receives RelayState=%2F001%2Fo On return to SFDC
the retURL parameter is retURL=%2F001%2Fo
Therefore the same.
For Outlook Plug In
LoginRelayState=/setup/secur/RemoteAccessAuthorizationPage.apexp?display=popup
On return to SFDC the retURL parameter is retURL=%2Fsetup%2Fsecur%2FRemoteAccessAuthorizationPage.apexp%3Fdisplay%3Dpopup
The RelayState parameters at least do seem to return the same values as they were sent although the returned URL is always encoded. Do these seem correct to you also or is the oauth_consumer_key error received in chatter likely to be related to this somehow?
Thanks for the help!
We're actually sending all those to you with URL encoding, so it may be an issue with the way you're tracing things.
The RelayState you're reporting for Salesforce for Outlook is actually incomplete - we'd have sent you more than that...there are multiple http parameters that get passed. Dropping up the url encoding at some point on your end is likely causing you to loose one of those parameters