Hi,

We are looking for a SAML SSO solution for allowing User to login to Salesforce from web portal and from Salesforce to login to another web application.

Steps involved:

1. User logs into corporate web portal by providing his/her corporate credentials.

2. By clicking on a link provided on website, user must be able to login to Salesforce.com.

3. When user click on a custom link provided on Salesforce, user must be able to login to another web application.

Design proposal:

For step#2, Assume Federated Authentication (SAML) is implemented by providing federatedID and token(generated by one of the application within our environment) in the SAML assertion. While Salesforce uses federated ID for user authentication into salesforce, token is retrieved from SAML assertion and passed to the client’s authentication services for authenticating the user into 3rd application.

Questions:

1. Can we include a token (generated by one of the application within our environment) along with federatedID in the SAML assertion?  If yes, can we retrieve this token from the assertion and store in salesforce for using it for login to another application?

2. Can Salesforce act as service provider (SP) and also as an Identity Provider (Idp).

Please advise.

Thanks,

Vimal