Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
d@vidSF

Salesforce as Identity Provider (and SP): organization_id attribute not allowed (in SAML Response)

Hi,

I'm trying to configure a Salesforce org as IdP and another org as SP (service provider) for SAML authentication. For standard users my configuration works!! But for SSO for portal users, the portal_id and organization_id attributes are required in the SAML response.

In the SP environment's login history this appears:

Login type: SAML Customer Service Portal SSO

Status: Failed: Invalid Portal Id

Then I created a portal_id attribute in the SP configuration on my Salesforce IdP environment. A new attempt generated a new status in the SP environment's login history:

Login type: SAML Customer Service Portal SSO

Status: Failed: Missing Organization Id for Portal login

But when I try to create the organization_id attribute, an error is produced with the message: Attribute key error: 'Reserved attribute key'

However, the SAML Response does not include the organization_id attribute by default.

Any solution?

Thanks in advance

Marty C.
Hello, d@vidSF, did you ever reach a resolution for your problem? I'm trying to set up SAML 2.0 SSO for Salesforce Communities, and I'm encountering the same error you noted: Failed: Invalid Portal Id
aay kay 4
Hi Marty,

Did you find a solution for this? I am getting the same error "Failed: Invalid Portal Id"
Magdalena
Hi All,
Did you find a solution for how to configure SSO for communities?

Thanks,
Magda.
Marc Paris
I'm assuming this has been resolved, but if not, here is the answer. When you configure the SAML IdP, you need to give it an ACS URL. For the normal (non-community) login, this is the My Domain URL (ex https://xxxxx-dev-ed.my.salesforce.com?so=<ID>). For communities you need to put the community URL (ex https://<xxx>community-developer-edition.eu5.force.com/partners/login?so=<ID>). If you put the regular URL, it thinks you're trying to log in to a legacy portal, and then you need the portal_id and organization_id in the SAML assertion. If your Salesforce IdP will support both a community and the My Domain SF login, you'll need to create multiple connected apps, one for each endpoint.