+ Start a Discussion

How do I pass Sales Force Login Credentials to Application Server?


Please excuse but I am new to Sale Force.com.  My question is, I want to set up Web Link to be served up on Sales Force.com Account page.  I want the user that is logged into Sales Force.com to be able to click on the URL and their credentials (the credentials they used to log onto to Sales Force.com) will be redirected to the URL so the application can use the same credentials to validate the user, in  stead of the user having to login to the redirected site?  Any help is appreciated.





Hi rurecruit,

The mechanism for this type of interaction is to send the sessionid to the app server and the server url.  Both are "merge" fields available when configuring the web link.  By having the session id and serve url, you can interact with the web services as the logged in user.  The login call returns to key pieces of information, the session id and the server url.  These 2 pieces of information can be obtained using merge fields on a web link.  Once you have those two pieces of information, you can use them just as if they were returned by the login method.



Hi Dave,

Thanks for answering my question. One last thing, can I include the user's Salesforce login ID and Password in the URL string (get request) to pass the credentials to the App Server (i.e. URL?ID=XXX&PW=XXX)? And if yes, can the appended values be encripted? Is there also a way to call a URL using a post instead of a get (using javascript). Can you post the link to the Merge Field documentation? Again, please excuse these basic questions. Thanks.


Hi rurecruit,

First question, can you have the username and password on the url to the appserver?  Nope.  Bad security practice anyway.  With the sessionid you don't need it.

The merge fields are best understood by starting the process of creating a web link in the app and viewing all the available fields in the ui from there.


SSO would be the best way to achieve what you want... but, I hear salesforce does not support SSO correct?

The sessionid definitely provides that the user ABC has been authenticated in salesforce, but if you need to re-authenticate the user in your system (because you do not have control over your system's authentication), you are out of luck.

If you then need authorization in your system, you could use the user ABC (assuming you have control over your system to bypass/fake auth).

We are battling the same issues... hopefully SSO is supported soon (6.0?)...


Inbound SSO is in pilot today, and will be GA'd in the Summer 05 release.
see http://www.salesforce.com/newsevents/press-release.jsp?year=2005&month=April&id=050412

What i think you're asking for is outbound SSO, i.e. the ability to have salesforce generate a SAML assertion and send it to your site as part of a WIL. This is something we've been thinking about, but it is not in the summer 05 release. Please log a feature request case with your support rep if this is a feature you're looking for.

In this particular case, if the user has not control over the authentication system on the server, then it seems unlikely that a SAML assertion would be much more use than a sessionId. If it did help, then it wouldn't be that hard to build an intermediate page that verified the sessionId and generated a SAML assertion from it.
Hi could you please explain a bit concept of merge fields and web link. we just became customer of sales force and we need o implement similar thing to allow user to logon to one of our intranet sites and then there will be sales force link shown to the user on that intranet site after successful logon. once user clicks on that link we need to take user to user's homepage on sales force website
Hi there, I am new to SFDC could someone please post a URL example that passes Sales Force Login Credendials to authenticate to an external website.  This thread appears to be what we are trying to achieve, many thanks in advance.