We now have single sign on (SSO) working for Salesforce.com against our corporate AD. Hooray!

(We used this guide: http://wiki.developerforce.com/page/Single_Sign-On_with_SAML_on_Force.com)

However, only the IDP initiated login works currently (users must start by browsing to our OpenAM server).

How do we configure Salesforce.com and OpenAM to allow SP initiated login (user can login straight into Salesforce.com)?

Thanks, Rob.

Hi,

I am doing integration of SalesForce and OpenSSO with SAML.

I have implemented steps mentioned in

http://wiki.developerforce.com/page/Single_Sign-On_with_SAML_on_Force.com site.

    There are two important use cases for SAML –

           1. Identity Provider Initiated Login,

                             where a user starts directly at their identity provider, logs in, and is then redirected to a landing page at the service provider;

                            This case working fine 

            2. Service Provider Initiated Login,

                            where a user starts by clicking a link to the the service provider (e.g. a bookmark, mailed link, etc.) and temporarily redirected to the identity provider for authentication, then returned to the link they initially requested.

I am trying to implement 2nd Scenario : I am performing following steps

           1. created my domain in SalesForce and deployed for Users

           2. Added Identity Provider in Single Sign-On Settings

           3. When I access My Domain URL. It redirect me to Identity provider login page.

           4. After login to IDP it won’t redirect back to SalesForce page. It shows IDP success page.

How should I redirect back to SalesForce success page?