function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Login via API and redirect to secure visualforce page



I'd like to make an API call to login, and then redirect a user to a visualforce page that is only available to authenticated users. I can think of one tricky way to do it, but latency would probably be impacted. I'm sure it's as simple as setting some http header parameters and redirecting to the URL but I can't find out what these headers might be called. I did come across an alternative:



A couple of things to think about:

Is this page going to be hosted on your website?
Is this going to be used for multiple salesforce organizations?
One thing you can do is use the login() API call to get a session id. You will be able to tell if the login fails, and alert the user appropriately.

From there, you will have to redirect the user through the "frontdoor.jsp" page which has the following format:


[host] - varies by organization. Some that I've seen are na1, na2, .... If you are only building this for 1 organization, you could hard-code this value. If you are building the for multiple organizations, you could parse it from the serverUrl property of the returned LoginResult.
[session_id] - get this from the returned LoginResult
[start_page] - this is optional but can be used to "deep link" a user to a page after they've logged in.

 But I'm worried that some part of this URL and/or JSP could change without notice. Any ideas or info you could point me to?





frontdoor.jsp is your best bet, but it is unsupported.


That's not very good news. I'm building an app that needs some sort of cross domain functionality and will support tens of thousands (and up to hundreds of thousands) of customer portal users. Cookies aren't supported yet, any other ideas? I've sniffed the handshake packets, how easy would it be to mimic this?




The TLS sessionId is unrelated to the sessionId. As far as i know, the only options are to use frontdoor.jsp, or to set the session cookie value correctly.


Wes do you have a problem with using the frontdoor method? I test it and was able to achieve it.  Only problem I see is you must know the server instance you're on.


Here was the url I passed with my session Id blanked out for obvious reasons ;){{{SESSIONIDGOESHERE}}}&retURL=/apex/SOMEVFORCEPAGE





Thank Richard. I've had no problem using it, but I'd have a portal with thousands of daily visitors relying on a part of Salesforce that could change without notice. That kind of risk is a bit scary..

Joe GaskaJoe Gaska


I actually got this to work email me if you still need it.