
Customer Portal Login SSO with Salesforce as IDP



We are trying to implement SSO in our org. We are able to put Salesforce as IDP and connect it to another SP (PHP-based) using simpleSAMLphp. But we are not able to get any customer portal user authenticated.


Is it possible to authenticate a customer portal user with Salesforce as IDP? Currently, we are only able to authenticate Salesforce standard users.


I am already following this guideline:



choose all of customer portal profiles, but it still cannot get authenticated



Is there any other configuration that I have to do or have missed?






Were you able to resolve the issue???  I'm hitting the same issue, in a critical situation.  Any help would be appreciated.




I have not got any solution on this yet :( We are bringing this module to a halt for now and concentrating on the other module.


Not sure if this would help you, but the mistake that I was making was that I was testing it the wrong way!!! (would you believe that...)  So, if you're logged into the Customer Portal using 'Login As Portal User' button on the Contact record, it wouldn't work!  And it also wouldn't work if you're 'logged in as' an internal user.


Hope this helps!


Hi, did you find a solution for your problem? We have exactly the same issue.


But we use a Java website application that uses Salesforce as identity provider, and if we log in with a standard Salesforce user then it works like a charm, but if we use a portal user then it does not work.






We are able to authenticate high volume customer portal users. It's all due to configuration on both IDP and SP.


For the Salesforce IDP part, this is what we do:

* Enable Identity Provider

* Download the certificate

* Configure one service provider which points to our SP (in our case it is simpleSAMLphp)

* Point the ACS URL to your SP

* Make sure that the entity ID we put in here matches our SP

* Once it finishes, we allow our high volume customer portal to access this service provider (click on 'Profiles' next to the SP)


On our SP part, what we do:

* Use the certificate from Salesforce

* Match the entity ID and ACS URL


And everything works fine in our case. 


Hope that helps.
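The entity ID and ACS URL matching described in the post above can be checked against a captured, base64-decoded SAML response. The following is an added example, not part of the original post and not Salesforce or simpleSAMLphp code; the function name, the hosts and the sample response are constructed placeholders.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed sample response (signature omitted); all hosts are placeholders.
SAMPLE_RESPONSE = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example.com/simplesaml/acs">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>https://idp.example.com</saml:Issuer>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.com/sp</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, sp_entity_id, sp_acs_url, idp_entity_id):
    """Return the mismatches between a decoded SAML response and the SP settings."""
    # Diagnostic only: the signature is not verified here, so this does not
    # replace the validation the SP performs with the IdP certificate.
    root = ET.fromstring(xml_text)
    problems = []

    # The IdP posts the response to the ACS URL configured for this SP.
    dest = root.get("Destination")
    if dest != sp_acs_url:
        problems.append(f"Destination {dest!r} is not the SP ACS URL {sp_acs_url!r}")

    # Issuer must be the IdP entity whose certificate the SP holds.
    issuers = {e.text.strip() for e in root.iter(SAML + "Issuer") if e.text}
    if issuers != {idp_entity_id}:
        problems.append(f"Issuer {sorted(issuers)} is not the IdP entity {idp_entity_id!r}")

    # Audience carries the entity ID entered for the SP on the IdP side.
    audiences = {e.text.strip() for e in root.iter(SAML + "Audience") if e.text}
    if sp_entity_id not in audiences:
        problems.append(f"Audience {sorted(audiences)} lacks SP entity ID {sp_entity_id!r}")

    return problems


if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE, "https://sp.example.com/sp",
                         "https://sp.example.com/simplesaml/acs", "https://idp.example.com"))
```

An empty list means the three values line up; each string in a non-empty list names the setting that differs between the two sides.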


Hi, thank you for your reply. We will check our settings, but I think we already do this like you describe.

We will check some further and do some further testing.






Hi, we tried this out but can't seem to manage the login with the portal users.


In your service provider config settings, what is your IDP login URL then? The portal login page or the standard Salesforce login page?


If we use the portal login page there and add /idp/login?app=appid then that doesn't work for us.


We tried this also with the Sites login page.


Thx for the help






Sven, any chance you have an update on this? I too was under the impression that Salesforce can *not* serve as an IDP for Customer Portal users. It seems like that may have changed recently or may be changing soon with the new Identity offering.


Hi Chad,


The problem was that we used an external Java site built on Heroku that we used as a kind of customer portal. So we created a login page there and we got back the SAML response but not a token, so we needed to query Salesforce again to get a correct token. But this was more due to the fact that we "faked" the customer portal functionality. If we used the login page on Sites then that worked fine.


There is a pretty good doc on this here: http://wiki.developerforce.com/page/CRC:SSO

Chris Zhuang

Thanks, Sven, the solution actually works for us.


We have 50,000 high volume customer portal licences, and I am able to use those for SSO with all the third-party apps.