• Mandeep Singh
Hi,

I wish to set up SSO using SAML in the Salesforce Org, so that I can authenticate from a Rails app (deployed on Heroku) and perform some REST API calls from the Rails app.

I am very new to Salesforce. I am aware of where to set up the SSO/SAML for the Org (Setup->Security Controls->SSO), but I am not sure what I should be handling on the Rails app side for the authentication to work.

1. What are the required steps/components to be implemented on the Rails app side so that it can work with the SSO/SAML setup on the Salesforce side?

2. Also, is it possible to set multiple SSO / SAML settings in Salesforce?

3. How to generate the certificate required for configuring the above SSO / SAML settings in Salesforce?

Any help would be highly appreciated!

Hello.

We're working on an integration with ADFS and followed the document on developerForce to a T. We are getting some strange errors that I'm not sure how to troubleshoot. See below:

10. Checking the Recipient
  Organization Id that we expected: 00DU0000000XXXX
  Organization Id that we found based on your assertion: 00DU0000000XXXX

The OrgIDs above are exact matches. Not sure why this is displaying as an error.

4. Checking that the timestamps in the assertion are valid
  Current time is after notOnOrAfter in Conditions
  Current time is: 2012-02-16T22:00:12.184Z
  Time limit in Conditions, adjusted for skew, is: 2012-02-13T22:50:15.127Z
  Timestamp of the response is outside of allowed time window
  Current time is: 2012-02-16T22:00:12.184Z
  Timestamp is: 2012-02-13T22:42:15.125Z
  Allowed skew in milliseconds is 480000
  Timestamp of the assertion is outside of allowed time window
  Current time is: 2012-02-16T22:00:12.184Z
  Timestamp is: 2012-02-13T22:42:15.045Z
  Allowed skew in milliseconds is 480000

The time on the machine is exactly the same as the time in Salesforce, at least it is on the ActiveDirectory. Where is it getting the time from here? 
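
The three timestamp checks in the validator output above, as an added example that is not part of the original post and is not Salesforce's code. The function names and the sample XML are constructed; the NotBefore and NotOnOrAfter values, and the rule that the skew is added to NotOnOrAfter, are assumptions chosen so the adjusted limit matches the one printed above.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed response. The two IssueInstant values are the timestamps printed
# by the validator above; NotBefore/NotOnOrAfter are assumed values.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    IssueInstant="2012-02-13T22:42:15.125Z">
  <saml:Assertion IssueInstant="2012-02-13T22:42:15.045Z">
    <saml:Conditions NotBefore="2012-02-13T22:42:15.045Z"
                     NotOnOrAfter="2012-02-13T22:42:15.127Z"/>
  </saml:Assertion>
</samlp:Response>"""

def parse_ts(s):
    """Parse a SAML UTC timestamp, with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in s else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(s, fmt).replace(tzinfo=timezone.utc)

def check_time_window(xml_text, now, skew_ms=480000):
    """Return the failed time checks; an empty list means the window is valid.

    Time checks only: signature, audience and recipient validation are separate.
    The sample is local; use a hardened XML parser for untrusted input.
    """
    skew = timedelta(milliseconds=skew_ms)
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    failures = []
    # Response and assertion issue times must be within +/- skew of "now".
    for label, elem in (("response", root), ("assertion", assertion)):
        age = now - parse_ts(elem.get("IssueInstant"))
        if abs(age) > skew:
            failures.append(f"{label} timestamp is outside window (age {age})")
    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < parse_ts(nb) - skew:
            failures.append("current time is before NotBefore")
        if noa and now >= parse_ts(noa) + skew:
            failures.append("current time is after NotOnOrAfter")
    return failures

if __name__ == "__main__":
    for line in check_time_window(SAMPLE, parse_ts("2012-02-16T22:00:12.184Z")):
        print(line)
```

The clock that matters is the one that stamped IssueInstant and Conditions when the assertion was generated, compared against the validator's clock when the assertion is checked.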

Hi,

How can I force a user logging in with OAuth to be prompted for login instead of automatically authorizing the user? The problem comes when a user has multiple active browser sessions and has already 'allowed' the app previously to access the site.

If I'm logged into my dev org and pr

I'm using the web server authentication flow - using the following URL:

https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=xxx&redirect_uri=http://xxxx&display=full&immediate=false&state=xxx

* I've tried using immediate=false, but that makes no difference once the user has 'allowed' the app access.

* I've tried using https://login.salesforce.com/setup/secur/RemoteAccessAuthorizationPage.apexp instead of the normal https://login.salesforce.com/services/oauth2/token - this does force a prompt but then it gives me an 1800 error, whatever that is - I think that URL is for OAuth 1.0 (??).

Aside from being difficult when developing (since I'm logged into 1 org, and want to authenticate against another org), I think users will get confused if they are automatically logged into an org, even if they have previously allowed the app through. Also, it seems kind of random which org the user is logged into, and I wonder if this is a bug or by design?

Thanks

p.s. I love that the spell checker suggests 'salesrooms' for salesforce!

Ben

  • January 28, 2012