• Sahil Bansal 7
  • Member since 2016

When I run the command-line Data Loader using the syntax:
cd <Path where process.bat for data loader is residing>
process.bat "<path to process.xml file>" <process name>

it executes the batch file on the local system and the results are returned as expected.
But when I try executing the batch file on an FTP server with updated paths and the same syntax, the batch file doesn't execute. It shows "INVALID COMMAND".

Can anyone help if there is a different syntax to run a batch file on an FTP server via cmd? Also, I'm using the FileZilla client.

Any help will be highly appreciated
Hi Folks,

I ran the Checkmarx security scanner on a managed package and it came up with the following CRUD issue: Query: CRUD Delete
database.delete(vPlays);

As per the Salesforce documentation, I have already applied the isAccessible() and isDeletable() checks as follows:
 
List<vPlayBookRules__c> vPlays = new List<vPlayBookRules__c>();
Id RuleId = editvPlayBook.Id;
// Query only when the running user has read access to the object
if (Schema.sObjectType.vPlayBookRules__c.isAccessible()) {
    vPlays = [Select Id from vPlayBookRules__c where ID =: RuleId LIMIT 1];
}
if (vPlays.size() > 0) {
    // Delete only when the running user has both read and delete access
    if (Schema.sObjectType.vPlayBookRules__c.isAccessible() && Schema.sObjectType.vPlayBookRules__c.isDeletable()) {
        database.delete(vPlays);
    }
}

Any help will be highly appreciated

Thanks!
Hi Folks,

We have built a managed package containing the canvas app that uses "Signed Request". The canvas app is further rendered on a vf page using <apex:canvasApp> tag.

But the package didn't pass the security review with the following errors at "HTTPS" URLs:
  1. Authorisation : 
    1. Notes : Insecure object reference in the given function let a normal user to access to every user information in the database. Even the users from other organizations. Email, password, token, salts...
  2. CSRF : https://sample.com/account/logout
    1. Notes : Logout function has any kind of CSRF protection
Though no errors were reported when I ran a ZAP scan.

I also tried running Burp, but with no success.
Can anyone help to resolve or replicate these reported issues?
Hi Team,

I have implemented a Connected App and added it to Chatter. The app is working fine, but it is not occupying the whole width when I go to the app from Chatter.


Can someone guide me?
Hi,

I was trying to make a POST call to token endpoint "https://login.salesforce.com/services/oauth2/token" with following parameters :
  1. grant_type=assertion
  2. assertion_type = urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprofiles%3ASSO%3Abrowser
  3. assertion= Sample base64 encoded, then URL encoded SAML as . . .
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xs="http://www.w3.org/2001/XMLSchema" Destination="https://login.salesforce.com/services/oauth2/token?so=ORGANISATION_ID" ID="_90ae225-4df200ae" IssueInstant="2016-05-17T17:31:02.516Z" Version="2.0">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">Axiom</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
            <ds:Reference URI="#_90ae225-4df200ae">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>wf8W26nPBEy+eFGG4nNvp5CTcMQ=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ggfuIMI2g0xnnPKwfN7HDEMD27x5ffbl4EhgJ9HlEZjgpR2Pv3Ps3A==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIID0zCCA5GgAwIBAgIEF/uFITALBgcqhkjOOAQDBQAwgboxCzAJBgNVBAYTAlVTMQswCQYDVQQI
EwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzESMBAGA1UEChMJQXhpb20gU1NPMVEwTwYDVQQL
E0hGT1IgREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZLiBETyBOT1QgVVNFIEZPUiBQUk9EVUNU
SU9OIEVOVklST05NRU5UUy4xHzAdBgNVBAMTFkF4aW9tIERlbW8gQ2VydGlmaWNhdGUwHhcNMTQw
NjIwMDQzMDI3WhcNNDExMTA1MDQzMDI3WjCBujELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYw
FAYDVQQHEw1TYW4gRnJhbmNpc2NvMRIwEAYDVQQKEwlBeGlvbSBTU08xUTBPBgNVBAsTSEZPUiBE
RU1PTlNUUkFUSU9OIFBVUlBPU0VTIE9OTFkuIERPIE5PVCBVU0UgRk9SIFBST0RVQ1RJT04gRU5W
SVJPTk1FTlRTLjEfMB0GA1UEAxMWQXhpb20gRGVtbyBDZXJ0aWZpY2F0ZTCCAbgwggEsBgcqhkjO
OAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1
ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMC
NVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXW
mz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozI
puE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtV
JWQBTDv+z0kqA4GFAAKBgQCXr1mp4UvByY6dGbDOyq3wMs6O7MCxmEkU2x32AkEp6s7Xfiy3MYwK
wZQ4sL4BmQYzZ7QOXPP8dKgrKDQKLk9tXWOgvIoOCiNAdQDYlRm2sYgrI2SUcyM1bKDqLwDD8Z5O
oLeuQAtgMfAq/f1C6nREWrQudPxOwaoNdHkYcR+066MhMB8wHQYDVR0OBBYEFE2JAc97wfHK5b42
nKbANn4SMcqcMAsGByqGSM44BAMFAAMvADAsAhR+Cjvp8UwNgKHfx2PWJoRi0/1q8AIUNhTXWlGz
J3SdBlgRsdFgKyFtcxE=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_54f387e3-57556788" IssueInstant="2016-05-17T17:31:02.516Z" Version="2.0">
        <saml2:Issuer>Axiom</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">USER_NAME</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData NotOnOrAfter="2016-05-17T17:32:02.516Z" Recipient="https://login.salesforce.com/services/oauth2/token?so=ORGANISATION_ID"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2016-05-17T17:31:02.516Z" NotOnOrAfter="2016-05-17T17:32:02.516Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://saml.salesforce.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2016-05-17T17:31:02.515Z">
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute Name="ssoStartPage" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">http://axiomsso.herokuapp.com/RequestSamlResponse.action</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="logoutURL" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string"/>
            </saml2:Attribute>
            <saml2:Attribute Name="organization_id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">ORGANISATION_ID</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute Name="portal_id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string"/>
            </saml2:Attribute>
            <saml2:Attribute Name="siteurl" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">https://login.salesforce.com/services/oauth2/token</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>


But getting an error as follows : 
 
{
  "error": "invalid_assertion_type",
  "error_description": "specifed assertion type not supported"
}
Can someone help me out to solve this error OR provide me some SAMPLE valid SAML?

Cheers!
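
An added example, not part of the original post and not Salesforce code: a local check of how the three form parameters listed above are encoded, since a value that is percent-encoded by hand and then encoded again by the HTTP client reaches the server as a different string. The SAML stub and the helper names are constructed for illustration; nothing is sent, and the example makes no claim about which assertion types the token endpoint accepts.

```python
import base64
from urllib.parse import parse_qs, unquote, urlencode

# Decoded form of the assertion_type value shown in the post.
ASSERTION_TYPE = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser"
# The value exactly as written in the post (already percent-encoded).
PRE_ENCODED = "urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Aprofiles%3ASSO%3Abrowser"
# Constructed stand-in for the signed SAML response; not a valid assertion.
SAMPLE_SAML = b'<saml2p:Response ID="_constructed">stub</saml2p:Response>'


def build_token_body(saml_xml: bytes, assertion_type: str) -> str:
    """Base64-encode the SAML, then URL-encode every parameter exactly once."""
    params = {
        "grant_type": "assertion",
        "assertion_type": assertion_type,
        "assertion": base64.b64encode(saml_xml).decode("ascii"),
    }
    return urlencode(params)


def received_params(body: str) -> dict:
    """What a form parser on the receiving side sees after its single decode."""
    return {k: v[0] for k, v in parse_qs(body, strict_parsing=True).items()}


def double_encoded(body: str) -> list:
    """Parameters whose value still holds percent-escapes after one decode."""
    return sorted(k for k, v in received_params(body).items() if unquote(v) != v)


if __name__ == "__main__":
    good = build_token_body(SAMPLE_SAML, ASSERTION_TYPE)
    bad = build_token_body(SAMPLE_SAML, PRE_ENCODED)  # encoded twice
    print("encoded once :", received_params(good)["assertion_type"])
    print("encoded twice:", received_params(bad)["assertion_type"])
    print("double-encoded parameters:", double_encoded(bad))
```

Running the same check against the body a REST client actually emits (most clients can show the raw request) tells you whether the client applied its own URL encoding on top of values that were encoded by hand.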

 
Hi Everyone,

I am trying to set up SSO between Salesforce (Identity Provider) and Biller Direct (Service Provider). I have set up Salesforce as the Identity Provider and got a new domain registered as well. I downloaded the SAML.xml from Salesforce and sent it to the SAP team. They sent me a metadata.xml file to upload to Salesforce.

Can anyone provide some info on how to proceed with completing the SSO setup after setting up Salesforce as the Identity Provider? I am not familiar with what needs to be done with the metadata.xml file sent by the Service Provider.

Thanks for your help.
We're interested in trying out Visualforce. Before we dive in, does Visualforce give you access to the full output code (HTML, CSS, JS)? Are there any dependencies we don't get access to? Thanks, Dave