newbebie

Federated SSO implementation with Pingfederate and Salesforce

Hi chuckmortimore,

 

I am currently working on the following setup:

1. Pingfederate-6.6.0
2. Windows-IWA-Integration-Kit-2-6
3. Salesforce-Connector-4-1
4. RHEL 5.3 x86_64

I am trying to integrate PingFederate-6.6.0 with Salesforce.

My aim is for Active Directory users to log in to Salesforce (i.e., IdP-initiated SSO).


I have created the digital signing certificate in PingFederate. In Salesforce I have enabled the SSO settings and filled in the details of the SSO settings. I imported the digitally signed certificate in the SSO settings. When I access the SSO endpoint URL https://idp-url:9031/idp/startSSO.ping?PartnerSpId=https://saml.salesforce.com through a browser, I get the following error:

"Login Error Your login attempt using single sign-on with an identity provider certificate has failed. Please contact your salesforce.com administrator for more information."


I thought I was facing this issue because a domain had not been created in Salesforce. So I created the domain in Salesforce and provided the endpoint URL as https://idp-url:9031/idp/startSSO.ping?PartnerSpId=https://https://testidam-dev-ed.my.salesforce.com. But I am still facing the issue.

When I validate the SAML assertion in the SAML Validator, I get the following message:

 

Unexpected Exceptions
  Ok
1. Validating the Status
  Ok
2. Looking for an Authentication Statement
  Ok
3. Looking for a Conditions statement
  Ok
4. Checking that the timestamps in the assertion are valid
  Current time is after notOnOrAfter in Conditions
  Current time is: 2012-08-09T09:35:11.301Z
  Time limit in Conditions, adjusted for skew, is: 2012-08-09T09:28:41.471Z
  Timestamp of the response is outside of allowed time window
  Current time is: 2012-08-09T09:35:11.301Z
  Timestamp is: 2012-08-09T09:20:41.437Z
  Allowed skew in milliseconds is 480000
  Timestamp of the assertion is outside of allowed time window
  Current time is: 2012-08-09T09:35:11.301Z
  Timestamp is: 2012-08-09T09:20:41.469Z
  Allowed skew in milliseconds is 480000
5. Checking that the Attribute namespace matches, if provided
  Not Provided
6. Miscellaneous format confirmations
  Ok
7. Confirming Issuer matches
  Ok
8. Confirming a Subject Confirmation was provided and contains valid timestamps
  Ok
9. Checking that the Audience matches, if provided
  Ok
10. Checking the Recipient
  Ok
11. Validating the Signature
  Is the response signed? false
  Is the assertion signed? true
  The reference in the assertion signature is valid
  Signature or certificate problems
  The signature in the assertion is not valid
  Is the correct certificate supplied in the keyinfo? false
  Certificate specified in settings: CN=PF-Googleapps, OU=IDMCOE, O=Hexaware, L=Chennai, ST=Tamil Nadu, C=IN Expiration: 12 Jul 2013 14:00:34 GMT
12. Checking that the Site URL Attribute contains a valid site url, if provided
  Not Provided
13. Looking for portal and organization id, if provided
  Ok

 


Subject: IDMCOE.COM
Unable to map the subject to a Salesforce.com user

AssertionId: sycHvSK8z0Yp1aLp.vDqdGmY_1T

 

 

Could anyone please help me fix this issue? It would be helpful to me.

Regards,

Karthick
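
The two failures in the validator output above (step 4, timestamps outside the allowed skew, and step 11, the KeyInfo certificate not matching the one in the SSO settings) can be checked offline before re-testing. This is an added example, not code from the post, PingFederate or Salesforce; it assumes a SAML 2.0 response, the function name `precheck`, the sample XML and both certificate byte strings are constructed, and it does not verify the XML signature itself.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SKEW = timedelta(milliseconds=480000)  # "Allowed skew" from the validator output

def ts(value):
    """Parse a SAML UTC timestamp such as 2012-08-09T09:20:41.469Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def precheck(response_xml, configured_cert_der, now):
    """Return findings for validator steps 4 and 11; does NOT verify the signature."""
    assertion = ET.fromstring(response_xml).find("saml:Assertion", NS)
    findings = []
    not_after = assertion.find("saml:Conditions", NS).get("NotOnOrAfter")
    if now >= ts(not_after) + SKEW:
        findings.append("conditions-expired")
    if abs(now - ts(assertion.get("IssueInstant"))) > SKEW:
        findings.append("assertion-timestamp-outside-skew")
    b64 = assertion.findtext("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
                             namespaces=NS)
    if b64 is None:
        findings.append("no-keyinfo-cert")
    else:
        embedded = base64.b64decode("".join(b64.split()))  # tolerate line-wrapped base64
        if embedded != configured_cert_der:  # IdP signs with a cert the SP does not hold
            findings.append("keyinfo-cert-mismatch")
    return findings

# Constructed stand-ins for DER certificates (not real certificates).
IDP_SIGNING_CERT = b"constructed-idp-signing-cert"
SP_CONFIGURED_CERT = b"constructed-cert-uploaded-to-sp"

# Constructed, reduced response. IssueInstant is the assertion timestamp from the
# validator output; NotOnOrAfter is assumed so that adding the skew gives the printed limit.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <saml:Assertion IssueInstant="2012-08-09T09:20:41.469Z">
  <ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
  <saml:Conditions NotOnOrAfter="2012-08-09T09:20:41.471Z"/>
 </saml:Assertion>
</samlp:Response>""" % base64.b64encode(IDP_SIGNING_CERT).decode()

if __name__ == "__main__":
    print(precheck(SAMPLE, SP_CONFIGURED_CERT, ts("2012-08-09T09:35:11.301Z")))
```

An empty result only means these two pre-checks pass; the service provider still has to validate the signature against its configured certificate.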

TooTallSid

I asked one of our Product Support Engineers, Can Yagli, to get in touch with you.  He tells me that he contacted you, set up a WebEx, and got it sorted.

 

Help is always available with PingFederate.  You can open a ticket here.

vinod Bishnoi

Hi, I am facing some issues configuring PingFederate with Salesforce using SSO. Can I get in touch with you for help?

thanks