Need Help for Delegated Authentication SSO
I am going to implement Delegated Authentication Single Sign-On in my org. I learned the basic idea from the salesforce.com online help and some PDF files, but I have some queries regarding it, as below:
1. Where will the user name and password be stored after login?
I followed the steps below to implement Delegated Authentication Single Sign-On:
1. Sent a request to Salesforce to turn on the SSO feature.
2. Downloaded AuthenticationService.wsdl from the org and created a server stub in .NET.
3. I got sample code for .NET from the link http://wiki.developerforce.com/index.php/How_to_Implement_Single_Sign-On_with_Force.com
4. Now I am going to publish this code and put it on some test server, then copy the server IP (where I put the published code with the web service) and paste it into the delegated URL textbox under delegated authentication SSO in my org.
6. I downloaded the .NET code from the above link. Should I publish this code and host it on any server?
7. What will be the delegated gateway URL?
8. Are there any other settings or changes needed in the downloaded .NET code (from the above link)?
I am following these steps. I have doubts about reaching my objective. Is this correct? Tell me where I am wrong.
What will be my IP settings, and what will be the settings for other things like user ID and password?
Your help and response will be appreciated :)
Thanks
Credentials are not stored. Salesforce.com is basically playing messenger with the credentials. The user submits un/pwd to the login form, and the platform just calls out to your delegated auth provider with whichever credentials the user submitted.
Your delegated auth SSO URL *must* be externally reachable by Salesforce.com. If it's on your internal network or test network, your firewall will block the request. Best practice would be to place your code on a server in the DMZ, and create a firewall rule to only allow Salesforce.com to connect.
Salesforce.com is looking for a specific XML response for Delegated Auth. In particular, it's looking for <Authenticated>TRUE</Authenticated>. It is your responsibility to sync up the Delegated Auth code to your internal Identity Provider (Active Directory/LDAP or some other system).
In my opinion, using SAML for SSO is a simpler and more elegant solution for SSO, but Delegated Auth works too.
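The exchange described in the reply above, as an added example that is not part of the original thread and not the .NET sample from the linked wiki: a Python sketch that parses the Authenticate call and returns the AuthenticateResult, failing closed on anything unexpected. The element names and namespace are assumed to match the AuthenticationService.wsdl downloaded from the org, and `demo_verify`, `_DIRECTORY` and the sample request are constructed stand-ins for the real Active Directory/LDAP check.

```python
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SF = "urn:authentication.soap.sforce.com"  # assumed: namespace in AuthenticationService.wsdl

# Constructed sample of the call Salesforce makes to the delegated URL
SAMPLE_REQUEST = (
    f'<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Body>'
    f'<Authenticate xmlns="{SF}"><username>user@example.com</username>'
    '<password>correct horse</password><sourceIp>203.0.113.7</sourceIp>'
    '</Authenticate></soapenv:Body></soapenv:Envelope>').encode()

_DIRECTORY = {"user@example.com": "correct horse"}  # constructed stand-in for AD/LDAP

def demo_verify(username, password, source_ip):
    """Hypothetical verifier; a real one binds to the identity provider."""
    expected = _DIRECTORY.get(username, "")
    return expected != "" and hmac.compare_digest(expected.encode(), password.encode())

def parse_authenticate(body: bytes):
    """Return (username, password, source_ip), or None if the body is not a valid call."""
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return None  # SOAP carries no DTD; refuse before the parser expands entities
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    req = root.find(f"{{{SOAP}}}Body/{{{SF}}}Authenticate")
    if req is None:
        return None
    user, pwd, ip = (req.findtext(f"{{{SF}}}{n}") for n in ("username", "password", "sourceIp"))
    return (user, pwd, ip) if user and pwd else None

def build_response(ok: bool) -> str:
    flag = "true" if ok else "false"  # xsd:boolean lexical form
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Body>'
            f'<AuthenticateResult xmlns="{SF}"><Authenticated>{flag}</Authenticated>'
            '</AuthenticateResult></soapenv:Body></soapenv:Envelope>')

def handle(body: bytes, verify) -> str:
    """Fail closed: only an explicit True from the verifier authenticates."""
    parsed = parse_authenticate(body)
    ok = False
    if parsed is not None:
        try:
            ok = verify(*parsed) is True  # never log the password argument
        except Exception:
            ok = False
    return build_response(ok)
```

The endpoint receives the user's cleartext password on every login, so it should be served over TLS only and kept out of request logs.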