External Auth transferred to force.com site

Hi, we have a fully standalone web site (not force.com) that allows us to register customer portal users and log in, etc., all from within the site using back-end API calls.


We also have a force.com site for our customer portal where users can view cases, etc.  I am wondering if there is a way to transfer the login session from the external site to the native force.com site without having the user have to log back in to the force.com site.


For example, the user logs in to our external site, then wants to access the customer portal.  They click a link on our external site that takes them to our Salesforce customer portal without them having to log back in.




This is definitely possible. Have you looked into using SAML for Force.com sites?  You're describing an "identity provider initiated SSO".


If you go down the SAML route, you'll need to make 3 changes:

- set up an Identity Provider on your external service.  This is responsible for recognizing what user is logged into your external service & emitting their identity over to Salesforce via a POSTed SAML assertion

- set up Single Sign On in your Salesforce org

- map users between your external service and your Salesforce org.  One option is to update the Federation ID of the User object in Salesforce to be equal to whatever username/user ID you track in the external system.


This devforce article is a good place to start: http://wiki.developerforce.com/page/Single_Sign-On_with_SAML_on_Force.com
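
As an added illustration of the steps in the answer above (not code from the thread or from Salesforce), this Python example builds the IdP-initiated SAML 2.0 Response the external site would POST, with the Federation ID in the NameID. The issuer, ACS URL and audience are placeholders to be taken from the org's Single Sign-On settings, and the XML must be signed with an XML-DSig library before it is sent; signing is not shown here.

```python
import base64, html, uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", P)
ET.register_namespace("saml", A)

def _ts(t):
    return t.strftime("%Y-%m-%dT%H:%M:%SZ")

def _el(parent, ns, tag, text=None, **attrs):
    e = ET.SubElement(parent, f"{{{ns}}}{tag}", attrs)
    e.text = text
    return e

def build_response(federation_id, issuer, acs_url, audience, now=None, ttl=120):
    """Unsigned IdP-initiated Response. federation_id must come from the
    server-side session of the logged-in user, never from a request parameter."""
    now = now or datetime.now(timezone.utc)
    t, end = _ts(now), _ts(now + timedelta(seconds=ttl))
    resp = ET.Element(f"{{{P}}}Response", ID="_" + uuid.uuid4().hex,
                      Version="2.0", IssueInstant=t, Destination=acs_url)
    _el(resp, A, "Issuer", issuer)
    st = _el(resp, P, "Status")
    _el(st, P, "StatusCode", Value="urn:oasis:names:tc:SAML:2.0:status:Success")
    a = _el(resp, A, "Assertion", ID="_" + uuid.uuid4().hex, Version="2.0", IssueInstant=t)
    _el(a, A, "Issuer", issuer)
    subj = _el(a, A, "Subject")
    # NameID carries the value stored in the Salesforce User's Federation ID
    _el(subj, A, "NameID", federation_id,
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")
    sc = _el(subj, A, "SubjectConfirmation", Method="urn:oasis:names:tc:SAML:2.0:cm:bearer")
    # Recipient and a short lifetime limit where and how long the assertion is usable
    _el(sc, A, "SubjectConfirmationData", Recipient=acs_url, NotOnOrAfter=end)
    cond = _el(a, A, "Conditions", NotBefore=t, NotOnOrAfter=end)
    _el(_el(cond, A, "AudienceRestriction"), A, "Audience", audience)
    stmt = _el(a, A, "AuthnStatement", AuthnInstant=t)
    _el(_el(stmt, A, "AuthnContext"), A, "AuthnContextClassRef",
        "urn:oasis:names:tc:SAML:2.0:ac:classes:Password")
    return ET.tostring(resp, encoding="unicode")

def post_form(signed_xml, acs_url):
    """HTTP-POST binding: base64 of the (signed) XML in a SAMLResponse field."""
    b64 = base64.b64encode(signed_xml.encode("utf-8")).decode("ascii")
    return (f'<form method="post" action="{html.escape(acs_url, quote=True)}">'
            f'<input type="hidden" name="SAMLResponse" value="{b64}"></form>'
            '<script>document.forms[0].submit()</script>')
```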