Nagendra Singh

How to set up Facebook Single Sign-On for Partner Community in Salesforce

Phil Weinmeister
https://help.salesforce.com/HTViewHelpDoc?id=sso_provider_facebook.htm&language=en_US

To use Facebook as an authentication provider:
  1. Set up a Facebook application, making Salesforce the application domain.
  2. Define a Facebook authentication provider in your Salesforce organization.
  3. Update your Facebook application to use the Callback URL generated by Salesforce as the Facebook Website Site URL.
  4. Test the connection.

Setting up a Facebook Application

Before you can configure Facebook for your Salesforce organization, you must set up an application in Facebook:
  1. Go to the Facebook website and create a new application.
  2. Modify the application settings and set the Application Domain to Salesforce.
  3. Note the Application ID and the Application Secret.

Defining a Facebook Provider in your Salesforce Organization

You need the Facebook Application ID and Application Secret to set up a Facebook provider in your Salesforce organization.
  1. From Setup, click Security Controls | Auth. Providers.
  2. Click New.
  3. Select Facebook for the Provider Type.
  4. Enter a Name for the provider.
  5. Enter the URL Suffix. This is used in the client configuration URLs. For example, if the URL suffix of your provider is “MyFacebookProvider”, your single sign-on URL is similar to: https://login.salesforce.com/auth/sso/00Dx00000000001/MyFacebookProvider.
  6. Use the Application ID from Facebook for the Consumer Key field.
  7. Use the Application Secret from Facebook for the Consumer Secret field.
  8. Optionally, set the following fields.
     • Default Scopes to send along with the request to the authorization endpoint. Otherwise, the hardcoded defaults for the provider type are used (see Facebook’s developer documentation for these defaults). For more information, see Using the Scope Parameter.
     • Custom Error URL for the provider to use to report any errors.
     • Select an already existing Apex class as the Registration Handler class or click Automatically create a registration handler template to create an Apex class template for the registration handler. You must edit this class and modify the default content before using it. Note: You must specify a registration handler class for Salesforce to generate the Single Sign-On Initialization URL.
     • Select the user that runs the Apex handler class for Execute Registration As. The user must have “Manage Users” permission. A user is required if you selected a registration handler class or are automatically creating one.
     • To use a portal with your provider, select the portal from the Portal drop-down list.
  9. Click Save.
 
Be sure to note the generated Auth. Provider Id value. You must use it with the Auth.AuthToken Apex class.

Several client configuration URLs are generated after defining the authentication provider:
  • Test-Only Initialization URL: Administrators use this URL to ensure the third-party provider is set up correctly. The administrator opens this URL in a browser, signs in to the third party, and is redirected back to Salesforce with a map of attributes.
  • Single Sign-On Initialization URL: Use this URL to perform single sign-on into Salesforce from a third party (using third-party credentials). The end user opens this URL in a browser, and signs in to the third party. This then either creates a new user for them, or updates an existing user, and then signs them into Salesforce as that user.
  • Existing User Linking URL: Use this URL to link existing Salesforce users to a third-party account. The end user opens this URL in a browser, signs in to the third party, signs in to Salesforce, and approves the link.
  • OAuth-Only Initialization URL: Use this URL to obtain OAuth access tokens for a third party. Users must authenticate with Salesforce for the third-party service to get a token; this flow does not provide for future single sign-on functionality.
  • Callback URL: Use the callback URL for the endpoint that the authentication provider calls back to for configuration. The authentication provider has to redirect to the Callback URL with information for each of the above client configuration URLs.
The client configuration URLs support additional request parameters that enable you to direct users to log into specific sites, obtain customized permissions from the third party, or go to a specific location after authenticating.

Updating Your Facebook Application

After defining the Facebook authentication provider in your Salesforce organization, go back to Facebook and update your application to use the Callback URL as the Facebook Website Site URL.

Testing the Single Sign-On Connection

In a browser, open the Test-Only Initialization URL on the Auth. Provider detail page. It should redirect you to Facebook and ask you to sign in. Upon doing so, you are asked to authorize your application. After you authorize, you are redirected back to Salesforce.
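
The registration handler step above says the generated Apex template must be edited before use. The following is an added example of what an edited handler for a partner community could look like; it is not part of the original answer or Salesforce's own template. The class name, account name, profile name and username domain are assumptions to replace with your own values.

```apex
// Added example, not Salesforce's template. Hypothetical names are marked ASSUMED.
global class FacebookPartnerRegHandler implements Auth.RegistrationHandler {
    private static final String ACCOUNT_NAME = 'Partner Self-Registration';    // ASSUMED
    private static final String PROFILE_NAME = 'Partner Community Login User'; // ASSUMED
    private static final String USERNAME_DOMAIN = '@partners.example.com';     // ASSUMED

    public class RegHandlerException extends Exception {}

    global User createUser(Id portalId, Auth.UserData data) {
        // The provider may return no email (scope not granted); refuse rather than invent one.
        if (String.isBlank(data.identifier) || String.isBlank(data.email)) {
            throw new RegHandlerException('Provider returned no identifier or email.');
        }
        // Do not attach a social login to an existing user because the email matches.
        // Existing users go through the Existing User Linking URL, which makes them
        // sign in to Salesforce and approve the link.
        if ([SELECT COUNT() FROM User WHERE Email = :data.email] > 0) {
            throw new RegHandlerException('A user with this email exists; link the account instead.');
        }
        Account acct = [SELECT Id FROM Account WHERE Name = :ACCOUNT_NAME LIMIT 1];
        Profile prof = [SELECT Id FROM Profile WHERE Name = :PROFILE_NAME LIMIT 1];
        String lastName = String.isBlank(data.lastName) ? 'Unknown' : data.lastName;

        Contact c = new Contact(AccountId = acct.Id, Email = data.email,
                                FirstName = data.firstName, LastName = lastName);
        insert c;

        // Fixed, low-privilege profile; nothing from the provider selects profile or role.
        User u = new User(ContactId = c.Id, ProfileId = prof.Id, Email = data.email,
                          FirstName = data.firstName, LastName = lastName);
        u.Username = 'fb.' + data.identifier + USERNAME_DOMAIN;
        u.Alias = ('fb' + data.identifier).left(8);
        u.CommunityNickname = 'fb' + data.identifier;
        u.EmailEncodingKey = 'UTF-8';
        u.LanguageLocaleKey = 'en_US';
        u.LocaleSidKey = 'en_US';
        u.TimeZoneSidKey = 'America/Los_Angeles';
        return u; // Salesforce inserts the returned user
    }

    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
        // Refresh display names only; email, username and profile are never
        // overwritten from provider data on a later login.
        User u = new User(Id = userId);
        if (String.isNotBlank(data.firstName)) { u.FirstName = data.firstName; }
        if (String.isNotBlank(data.lastName)) { u.LastName = data.lastName; }
        update u;
    }
}
```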