Sign Up ›

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
ErikGEnErikGEn 

SAML and salesforce

I am a question concerning your SAML decision

(ref : http://blog.sforce.com/sforce/2005/07/sforce_single_s.html)

I am full agree with you concerning the SAML issue to implement SAML when you are a SaaS website, but you wrote "Supporting SAML on our website would have been easy. ".

What did you mean with supported SAML would have ben Easy
are you talked about supported SAML document ? accept an SAML RESPONSE assertion only?

How could you easily implemement SAML if you cannot define which Identity provider requested ? Any of your customers will have a specific identity provider/management, and the inital (first) request do not provide you the user, so you cannot find the identity provider....

So how supported SAML in your website would have been easy  ?

Thanks

benjasikbenjasik
we're looking to support it in a future release.  We meant that web services are trickier than just web browser support for saml
SAMLIssSAMLIss

Hi,

 

I really got struck while working with SAML. Please help

 

I am getting login failed error while posting it to Salesforce. Can you please help. login history has no enteries. looks like its not able to get username.

 

<%@ page import="org.opensaml.SAMLBrowserProfile"%>

<%@ page import="com.sso.SAMLAssertionCreator"%>

 

<%@page language="java" contentType="text/html; charset=ISO-8859-1"

pageEncoding="ISO-8859-1"%>

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

 

<%

SAMLAssertionCreator samlCr = new SAMLAssertionCreator();

SAMLBrowserProfile.BrowserProfileResponse objSAML = (SAMLBrowserProfile.BrowserProfileResponse) samlCr.createSAML();

session.setAttribute("SAMLOBJ", objSAML);

%>

<html>

<body><

form name="acsForm" action="https://cs3.salesforce.com" method="post"> <input type="hidden" name="TARGET" value="https://cs3.salesforce.com" />

<input type="hidden" name="SAMLResponse" value="<%=objSAML%>" />

<input type="submit" value="Submit" /></form> </body>

</html>

 

 

Federated single sign-on using SAML:

SAML EnabledCheckedSAML Version1.1
SAML User ID TypeUsername               Issuerhttp://www.xyz.com
SAML User ID LocationSubjectIdentity Provider CertificateEMAILADDRESS=abc@xyz.com, CN=SFSignCert, O=xyz, ST=XX, C=US
Expiration: 29 Mar 2019
Recipient URLhttps://cs3.salesforce.com

 

<Response xmlns="urn:smileysurprised:asis:names:tc:SAML:1.0:smileytongue:rotocol" xmlns:saml="urn:smileysurprised:asis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:smileysurprised:asis:names:tc:SAML:1.0:smileytongue:rotocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2009-04-30T16:19:29.738Z" MajorVersion="1" MinorVersion="1" Recipient="https://cs3.salesforce.com" ResponseID="_c5226ab7546137e707d44a9c6bd935cf"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<ds:SignedInfo>

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>

<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"></ds:SignatureMethod>

<ds:Reference URI="#_c5226ab7546137e707d44a9c6bd935cf">

<ds:Transforms>

<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>

<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces></ds:Transform>

</ds:Transforms>

<ds:smileyvery-happy:igestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:smileyvery-happy:igestMethod>

<ds:smileyvery-happy:igestValue>g5E85emP02skn6lHjlnVafBCCFs=</ds:smileyvery-happy:igestValue>

</ds:Reference>

</ds:SignedInfo>

<ds:SignatureValue>

KL2ggRD5iTQVYA9Wdqc1iNt16Dw12fvqO+96CT8GUzObQ+fd/9ces/yT+lxS0PTZYPt9KelkO/jy

PrV9DUFZj37PxNI1vvhT6ZSA1XY1GsooN7nlUdu+tou7a3ZvdCz4CeN0mFCUL7RrH99fmHNgIT4o

s3ZCx4fbstXCFfqomcM=

</ds:SignatureValue>

</ds:Signature><Status><StatusCode Value="samlp:Success"></StatusCode></Status><Assertion xmlns="urn:smileysurprised:asis:names:tc:SAML:1.0:assertion" AssertionID="_0383e17ba54b53140ad122a4bb68255c" IssueInstant="2009-04-30T16:19:30.049Z" Issuer="http://www.xyz.com" MajorVersion="1" MinorVersion="1"><Conditions NotBefore="2009-04-30T16:19:30.028Z" NotOnOrAfter="2009-04-30T16:24:30.028Z"></Conditions><AuthenticationStatement AuthenticationInstant="2009-04-30T16:19:29.928Z" AuthenticationMethod="urn:smileysurprised:asis:names:tc:SAML:1.0:am:smileytongue:assword"><Subject><NameIdentifier>abc@xyz.com</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:smileysurprised:asis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<ds:SignedInfo>

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>

<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"></ds:SignatureMethod>

<ds:Reference URI="#_0383e17ba54b53140ad122a4bb68255c">

<ds:Transforms>

<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>

<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces></ds:Transform>

</ds:Transforms>

<ds:smileyvery-happy:igestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:smileyvery-happy:igestMethod>

<ds:smileyvery-happy:igestValue>dYcFbFuLH3CjTTvxxqzaXTKqMSc=</ds:smileyvery-happy:igestValue>

</ds:Reference>

</ds:SignedInfo>

<ds:SignatureValue>

MB665iHEbaPF23TNqUdtIUllx0BqepfrzB6pNBejWS+49S5dd1g+qcCTK7SqtF/IHQ9xm7jzyfAR

KVzV4/f1e8C5+6y9WBaeCiUCbSfymZ9PQn1/1goJCyd/+jlPvPi3SKj0J4gmnveQQLrUG4dYtkbm

peCFzICrMBisOuDKb1U=

</ds:SignatureValue>

</ds:Signature></Assertion></Response>