SSO with Delegated Auth

Need Help for Delegated Authentication SSO

 

I am going to implement Delegated Authentication Single Sign-On in my org. I learned the basic idea from the salesforce.com online help and some PDF files, but I have some queries regarding it, as below:

 

1. Where will the user name and password be stored after login?

 

I followed the steps below to implement Delegated Authentication Single Sign-On:

 

1. Sent a request to Salesforce to turn on the SSO feature.

 

2. Downloaded AuthenticationService.wsdl from the org and created a server stub in .NET.

 

3. I got sample code for .NET from the link http://wiki.developerforce.com/index.php/How_to_Implement_Single_Sign-On_with_Force.com

 

4. Now I am going to publish this code and put it on some test server. Copy the server IP (where I put the published code with the web service) and paste it under delegated authentication SSO in my org, into the delegated URL textbox.

 

6. I downloaded the .NET code from the above link. Should I publish this code and host it on any server?

 

7. What will be the delegated gateway URL?

 

8. Are there any other settings or changes in the downloaded .NET code (from the above link)?

 

I am following these steps. I have doubts about achieving my objective. Is this correct? Tell me where I am wrong.

What will be my IP settings, and what will be the settings for other things like user id and password?

Your help and response will be appreciated :)

 

Thanks

BrendanOC

Credentials are not stored. Salesforce.com is basically playing messenger with the credentials. User submits un/pwd to the login form, and the platform just calls out to your delegated auth provider with whichever credentials the user submitted.

 

Your delegated auth SSO URL *must* be externally reachable by Salesforce.com. If it's on your internal network or test network, your firewall will block the request. Best practice would be to place your code on a server in the DMZ, and create a firewall rule to only allow Salesforce.com to connect.

 

Salesforce.com is looking for a specific XML response for Delegated Auth. In particular, it's looking for <Authenticated>TRUE</Authenticated>. It is your responsibility to sync up the Delegated Auth code to your internal Identity Provider (Active Directory/LDAP or some other system.)

 

In my opinion, using SAML for SSO is a simpler and more elegant solution for SSO, but Delegated Auth works too.
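
The callout described in the answer above, as an added example that is not part of the original thread and not Salesforce's sample code; it is written in Python rather than the .NET stub the thread uses. The element names and namespace are assumed to match AuthenticationService.wsdl, and the allowed caller range, the directory and the sample request are constructed.

```python
import hmac
import ipaddress
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
NS = "urn:authentication.soap.sforce.com"  # assumed: namespace used by AuthenticationService.wsdl

# Constructed values: placeholder caller range (documentation network) and a stand-in directory.
ALLOWED_CALLERS = [ipaddress.ip_network("203.0.113.0/24")]
DIRECTORY = {"alice@example.com": "correct horse"}

def check_directory(username, password):
    """Stand-in for the Active Directory/LDAP bind; compares in constant time."""
    expected = DIRECTORY.get(username, "")
    match = hmac.compare_digest(expected.encode(), password.encode())
    return match and username in DIRECTORY

def soap_result(authenticated):
    flag = "true" if authenticated else "false"  # xsd:boolean lexical form
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Body>'
            f'<AuthenticateResult xmlns="{NS}"><Authenticated>{flag}</Authenticated>'
            f'</AuthenticateResult></soapenv:Body></soapenv:Envelope>')

def handle_authenticate(peer_ip, body):
    """Build the SOAP reply for one delegated-auth callout; every error path denies."""
    try:
        # Second layer behind the firewall rule: only the allowlisted range may ask.
        if not any(ipaddress.ip_address(peer_ip) in net for net in ALLOWED_CALLERS):
            return soap_result(False)
        # The callout needs no DTD, so refuse one outright (entity-expansion payloads).
        if "<!DOCTYPE" in body or "<!ENTITY" in body:
            return soap_result(False)
        req = ET.fromstring(body).find(f"{{{SOAP}}}Body/{{{NS}}}Authenticate")
        username = req.findtext(f"{{{NS}}}username")
        password = req.findtext(f"{{{NS}}}password")
        if not username or not password:
            return soap_result(False)
        # The password is handed to the directory check only: never stored or logged.
        return soap_result(check_directory(username, password))
    except (ET.ParseError, ValueError, AttributeError):
        return soap_result(False)

# Constructed sample of the request the platform would send.
SAMPLE = (f'<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Body>'
          f'<Authenticate xmlns="{NS}"><username>alice@example.com</username>'
          '<password>correct horse</password><sourceIp>198.51.100.7</sourceIp>'
          '</Authenticate></soapenv:Body></soapenv:Envelope>')
```

In a real deployment `check_directory` would perform the bind against the identity provider, and the handler would sit behind TLS on the DMZ host.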