+ Start a Discussion
learn2forcelearn2force 

Customer Portal Login SSO with Salesforce as IDP

Hi,

 

We are trying to implement SSO in our org, we are able to put salesforce as IDP and connect it to other SP (php based) using simplesamlPHP. But we are not able to retrieve any customer portal user to be authenticated.

 

Is it possible to authenticate customer portal user with Salesforce as IDP? Currently, we only able to authenticate salesforce standard user.

 

I am already following this guideline:

https://login.salesforce.com/help/doc/en/identity_provider_enable.htm

https://login.salesforce.com/help/doc/en/service_provider_define.htm

choose all of customer portal profiles, but it still cannot get authenticated

 

 

Is there other configuration that I have to do or missed?

 

Thanks,

soofstersoofster

Hi,

 

Were you able to resolve the issue???  I'm hitting the same issue, in a critical situation.  Any help would be appreciated.

 

Thanks.

learn2forcelearn2force

I have not get any solution on this yet :( We are taking this module into a halt for now and concentrating on the other module.

soofstersoofster

Not sure if this would help you, but the mistake that I was making was that I was testing it the wrong way!!! (would you believe that...)  So, if you're logged into the Customer Portal using 'Login As Portal User' button on the Contact record, it wouldn't work!  And it also wouldn't work if you're 'logged in as' an internal user.

 

Hope this helps!

SvenSven

Hi Did you find a solution for your problem we have exactly the same issue.

 

But we use a java website application that uses Salesforce as Identity provider and if we login in with a standard Salesforce user then it works like a charm but if we use a portal user then it does not work.

 

 

learn2forcelearn2force

Hi, 

 

We are able to authenticate high volume customer portal. It's all due to configuration on both IDP and SP.

 

For the salesforce IDP part, this is what we do:

* Enable Identity provider

* Download the certificate 

* configure one service provider which points to our SP (in our case is simplesaml )

* Point the acs url to your SP 

* make sure that entity id we put in here match with our SP

* Once it finishes, we allow our high volume customer portal to access this service provider ( click on 'Profiles' next to the SP)

 

On our SP part, what we do:

* Use the certificate from salesforce

* match the entity id and acs url

 

And everything works fine in our case. 

 

Hope that helps.

SvenSven

Hi Thank you for your reply.  We will check our settings but i think we do this already like you describe.

We will check some further and do some further testing.

 

Thx

 

Sven

SvenSven

Hi we tried this out but can't seem to manage the login with the portal users.

 

In your service provider config settings what is your IDP login url then? the portal login page or the standard salesforce login page.

 

If we use there the portal login page and add /idp/login?app=appid then that doesn't work for us

 

We tried this also with the Sites login page.

 

Thx for the help

 

Sven

 

 

ChadMeyerChadMeyer

Sven, any chance you have an update on this? I too was under the impression that Salesforce can *not* serve as an IDP for Customer Portal users. It seems like that may have changed recently or may be changing soon with the new Identity offering.

SvenSven

Hi Chad,

 

The problem was that we used an external java site build on Heroku that we used as a kind of customer portal. So we created a login page their and we got back the saml response but not a token so we needed to query again to salesforce to get a correct token. but tis was more due to the fact that we "faked" the customer portal functionality. If we used the login page on sites then that worked fine.

 

there is a pretty good doc on this here http://wiki.developerforce.com/page/CRC:SSO

Chris ZhuangChris Zhuang

Thanks, Sven, the solution actual works for us.

 

We have 50,000 high volume customer portal licences, I am able to use those for SSO all the third party apps.