You need to sign in to do that
Don't have an account?
Federated SSO integration with SalesForce
Hi,
I am in the process of developing a Identity Solution which supports SAML 2.0 based SSO support. After implementing it, I have exploring some Service Providers who support SSO, and I found that SF supports SAML 2.0 based SSO.
At the moment, my implementation only supports SP initiated SSO scenario only. After going through your previous discussions and user guides, I got some knowledge about the SF's SSO support. But I have some doubts which I would like to clarify.
How does SP initiated SSO works for SF ? As I understand from your docs, the Identity Provider should send a SAML Assertion containing the Attribute Statement with ssoStartpage and logoutURL first. After that, whenever a user requests a protected resource, he will be redirected to Identity Providers start page. Have I understood it correctly ? If this is the approach, users have to first send the assertion with these attribute statement from the Idp.
It would be really helpful, if someone can explain how SP initiated SSO works for SF.
Thanks in advance.
/thilina
Your understanding of SP initiated sso is pretty much correct,
however this:
http://saml.xml.org/wiki/sp-initiated-single-sign-on-postartifact-bindings
is a pretty good link..
~Sumit
Hi,
Thanks Sumit for your reply and reference. :-)
I am concerned on how SP initiated SSO works for SalesForce. Seems like they have a different approach than other service providers who support SSO( eg: Google Apps).
For SalesForce, is it required to send an assertion with an attribute statement containing ssoStartpage and logoutURL first ? As I understand, then only SF is sending the Authn Request using SAML POST binding and follow the message flow depicted in the specification. Is this complete sequence of actions required always when a user logs into SalesForce?
But according to the SAML 2.0 web browser specification, the SP initiated SSO message flow should start with SP sending the Authn Request to IdP.
Your help for figuring out this is much appreciated.
thanks.
/thilina
Even im looking to figure out the same..
Does SF Support the SP_initiated SSO
please let me know if you found the solution for the same..
regards
rao
Hey Guys,
I'm also having the same issue as you guys.. Did you ever figure this out?
Thanks!
Looking for the same information, anyone at SF care to respond?