• satyap

Hi,

I have a scenario where I would like to log in customer portal users using SSO (Delegated Authentication). I was able to enable it successfully and it is working fine. However, I have a scenario where I need to mask the domain name such as cs1.salesforce.com to the Sites domain name. How do I do a form post so that the user is logged in to the Sites domain? For example, without Sites I use:

https://cs1.salesforce.com/secur/login_portal.jsp?orgId=xxxxxxxxxxxx&portalId=xxxxxxxxxxxx&un=xxxxxxxxxxxxx&pw=xxxxxxxxxxx&loginType=2&startURL=%2F500%2F

I enabled Sites with customer portal. How would the above URL change if I have to log in to the portal? Example Site name is: https://testportal.force.com/support

 

Hi,

We are using Ping Identity (SAML 2.0) for SSO into Sites. The Site is associated with a partner portal. If I don't give siteURL, I'm able to successfully log in to the partner portal. However, if I use SiteURL I'm getting a "replay detected" error. It logs in and I guess somehow a new request is coming in. Below are the error and the SAML assertion.

 

8/19/2010 10:12:55 PM PDT | 58.32.239.82 | SAML Site SSO | Failed: Replay Detected | cs3.salesforce.com
8/19/2010 10:12:52 PM PDT | 58.32.239.82 | SAML Site SSO | Success | cs3.salesforce.com

  

 

 <Response IssueInstant="2010-08-20T04:42:45.371Z" ID="jxF4EUmkBlHYokyA91_c5F7RssS" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Issuer>https://ssod1.xxxxxxxx.com/saml2</saml:Issuer>
  <Status>
    <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </Status>
  <saml:Assertion Version="2.0" IssueInstant="2010-08-20T04:42:45.373Z" ID="t74fyF1Bax6ZZ8gIFIAU.ChQsTE">
    <saml:Issuer>https://ssod1.xxxxxxxx.com/saml2</saml:Issuer>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference URI="#t74fyF1Bax6ZZ8gIFIAU.ChQsTE">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue>6hmEvvGmeN/Ukz1u/yeeivegMz4=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>WMLxDMqHXteSmt5Z4AL81jPYjOF5hk9oT6pA4l4a24bhhC9XYH6JbHw9Ln4CXwAwpDebUwtCWa1N
NZkwGa6U4PhlXn6Xlnazc/JuEz51hWemkINiBQOWFlqLyEUhv7yiKAKGQJE8nIR+pkOC+NU+1f/p
jUt29UdCMirSJZ/gO+0=</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">200709120228664</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2010-08-20T04:46:45.374Z" Recipient="https://cs3.salesforce.com/?saml=MgoTx78aEPC5RZR2VydTkscLHwiqT5gc8SMOClzEN0Sj4oKjpfyR.xxxxxxxxxxxxxxxxxx=="/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotOnOrAfter="2010-08-20T04:46:45.374Z" NotBefore="2010-08-20T04:41:45.374Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://saml.salesforce.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2010-08-20T04:42:45.373Z" SessionIndex="t74fyF1Bax6ZZ8gIFIAU.ChQsTE">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema">
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="siteUrl">
        <saml:AttributeValue xsi:type="xs:string">https://xxxxxxxxsupport.xxxxsfdev.cs3.force.com/ppSiteLogin</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="GUID">
        <saml:AttributeValue xsi:type="xs:string">200709120228664</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="portal_id">
        <saml:AttributeValue xsi:type="xs:string">060300000005W44</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="organization_id">
        <saml:AttributeValue xsi:type="xs:string">00DQ0000000AnvB</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="startUrl">
        <saml:AttributeValue xsi:type="xs:string">pphomepagelinks</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="userId">
        <saml:AttributeValue xsi:type="xs:string">rluke</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="SFDC_USER_ID">
        <saml:AttributeValue xsi:type="xs:string">200709120228664@xxxxxxxx.com.xxxxsfdev</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="userType">
        <saml:AttributeValue xsi:type="xs:string">external</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</Response>

entityId: https://saml.salesforce.com (SP)
Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
relayState: https://xxxxxxxxsupport.xxxxsfdev.cs3.force.com
Endpoint: https://cs3.salesforce.com/?saml=MgoTx78aEPC5RZR2VydTkscLHwiqT5gc8SMOClzEN0Sj4oKjpfyR.cZYMP5e5V0thmAA14D6E2YV1XZYwty==
SignaturePolicy: DO_NOT_SIGN

  • August 20, 2010
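
An added sketch (not part of the original post, and not Salesforce's implementation) of the one-time-use check a SAML service provider applies to bearer assertions: a second delivery of the same assertion ID inside its validity window produces the Success / Replay Detected pair seen in the login history. The `ReplayCache` class, the arrival times and the "Outside Validity Window" status string are assumptions; the assertion ID and timestamps are taken from the posted response.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Trimmed copy of the posted assertion (signature and attributes omitted).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Version="2.0" IssueInstant="2010-08-20T04:42:45.373Z" ID="t74fyF1Bax6ZZ8gIFIAU.ChQsTE">
  <saml:Conditions NotOnOrAfter="2010-08-20T04:46:45.374Z" NotBefore="2010-08-20T04:41:45.374Z"/>
</saml:Assertion>"""


def parse_ts(value):
    """Parse a SAML UTC timestamp such as 2010-08-20T04:46:45.374Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


class ReplayCache:
    """Hypothetical SP-side cache: remembers each assertion ID until it expires."""

    def __init__(self):
        self._seen = {}  # assertion ID -> NotOnOrAfter

    def consume(self, assertion_xml, now):
        # A real SP verifies the XML signature before this step; omitted here.
        root = ET.fromstring(assertion_xml)
        cond = root.find("saml:Conditions", NS)
        not_before = parse_ts(cond.get("NotBefore"))
        expires = parse_ts(cond.get("NotOnOrAfter"))
        # Evict IDs whose assertions can no longer be accepted anyway.
        self._seen = {i: e for i, e in self._seen.items() if e > now}
        if not (not_before <= now < expires):
            return "Failed: Outside Validity Window"  # assumed status text
        if root.get("ID") in self._seen:
            return "Failed: Replay Detected"
        self._seen[root.get("ID")] = expires
        return "Success"


def demo():
    cache = ReplayCache()
    t1 = datetime(2010, 8, 20, 4, 42, 52, tzinfo=timezone.utc)  # constructed
    t2 = datetime(2010, 8, 20, 4, 42, 55, tzinfo=timezone.utc)  # constructed, 3 s later
    t3 = datetime(2010, 8, 20, 4, 47, 0, tzinfo=timezone.utc)   # after NotOnOrAfter
    return [cache.consume(SAMPLE, t) for t in (t1, t2, t3)]


if __name__ == "__main__":
    print(demo())
```
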