Sign Up ›
  • Vijay Gurusamy
  • NEWBIE
  • 0 Points
  • Member since 2018
  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 0
    Questions
  • 1
    Replies
5 replies

Single Sign-on Set-up - aaaarrrggghhhh!!!!!

I just can't work this out.  I've read and re-read the Salesforce documentation.  All I want to do is connect my Community to the internal Identity Provider.

1. I have a Salesforce Org with a Community, nothing special - community is active and published, standard template, no customization

2. I set-up My Domain and this automatically creates a SAML idetnity provider for the new domain.  It included a self-signed certificate plus metadata end-points for the Domain and the Community Domain.

3. I set-up both domains as Remote Sites so I can then set them up for SSO

4. I enable Single Sign-on and set-up the Community as per the instructions:  https://developer.salesforce.com/docs/atlas.en-us.sso.meta/sso/sso_examples_sf2sf.htm
To set up a community as a service provider, use the community URL under SAML Metadata Discovery Endpoints on the Identity Provider page. Upload the SAML metadata from this URL. Using the metadata populates the service provider’s SAML SSO settings, including the Login URL that points to the community. When you define a connected app on the identity provider, specify this Login URL as the ACS URL.

5. I set-up the community as a connected app and use the Entity ID and HTTPRedirect URL specified

6. I update the community to enable access to this SSO login.  I get it showing on the login screen, but it doesn't work.  What can I do to debug this??

Community Login Page

SSO Page - no login