• nick zhang
Hi,

I have a requirement to SSO into a Salesforce community from our business application. As we have no Identity Provider, I'm working on generating a SAML response myself and sending it to Salesforce. I am confused about what I should use to make the signature in the XML. Do I need to use our own private key or something else? I have read some articles on SAML signatures, and it seems that I should use our private key to sign the response and share our public key with Salesforce. But I did not find a page in Salesforce to store our public key. I only found the page under setup/Single Sign-On Settings, where I can upload a certificate. Does this certificate mean our own CA-signed certificate?

Thanks.

 
I have a web application where users log in using their username and password. I have created a Salesforce Community for the users to ask questions, share topics and articles.
As we use the Salesforce CRM, the user data has already been synced into Salesforce.
I want to add a link in the application. After the users log into the web application, they will find a link in the page; if they click it, they will be logged into the community.
I have looked through some Salesforce documentation on SAML SSO, but I did not find anything that suits my requirement. I don't have an identity provider server. I just want the web application to be a provider in a sense. I found that I can send a SAML assertion to Salesforce. But this way, it seems I have to generate the XML and encrypt it manually. I'm not clear on what I should do then.

Can anyone give some detailed instructions on this?

I have a web application where users log in using their login and password.
I'm creating a Salesforce Community for those users, for them to ask questions, read articles, start discussions, etc.

I have a scheduled process now that synchronizes the users I have in my application to Salesforce. I'm extending that process to create contacts and community users, so my users won't have to manually register into the community.

In the next step, I'm going to add a link to my application where the users can click and be logged into the community, in a new window. As the users are already logged into my application, I don't want them to provide their login again to communities. How can I achieve that?

I read a lot of Salesforce documentation on logging in using SAML and OAuth and couldn't find anything that suits my needs. OAuth is all about authenticating the user and giving me an access token, so my application can perform actions in the community on behalf of my user. I don't want that. I only want to log in the user.

A solution could be to use SAML for single sign-on, but then I would need to manage my users in an SSO provider and I don't want to do that. Is there any way to log my user into the communities using only their email or Salesforce Id, without requiring them to provide credentials? Can I provide some secret or key from my application and log in any user I want?

I found something close to that with OAuth 2.0 JWT Bearer Token Flow, but even then I would need a user first authentication to get an authorization token.

Thank you