Jyoti Khetan

Single Sign on using POST request

Hello,
 
My organization is using the Force.com platform for an application. I am trying to implement the Single sign on in Salesforce.com.
 
I got the SSO enabled from SalesForce.com. Then I set up a web service for delegated authentication as per the WSDL released by Salesforce.com.
 
I turned on "Single sign-on" feature for my user profiles. I developed an ASP.NET web page that submits a POST request to

https://www.salesforce.com/login.jsp as given in the sample code by SalesForce.com. Here's the code:

<body onload="document.loginForm.submit();">
<form action="https://www.salesforce.com/login.jsp" method="POST" id="login" name="login">
  <input type="hidden" name="un" runat="server" id="username"/>
  <input type="hidden" name="pw" runat="server" id="token"/>
  <input type="hidden" name="startURL" runat="server" id="startURL"/>
  <input type="hidden" name="logoutURL" runat="server" id="logoutURL"/>
  <input type="hidden" name="ssoStartPage" runat="server" id="ssoStartPage"/>
  <input type="hidden" name="jse" value="0" id="jse"/>
  <input type="hidden" name="rememberUn" value="1"/>
  <script language="Javascript1.2" type="text/javascript">
    document.getElementById("jse").value = 1;
  </script>
</form>
</body>

The problem is that the login does not happen. I get the login page again after the post request, populated with the username. However, when I enter the password, I am able to login successfully.

Can someone help me please? We are applying for the enterprise edition, and without this, we can't be sure.

Thanks in advance,

Jyoti Khetan

Jyoti Khetan

Correction in code. I am using

<body onload="document.login.submit();">

but it doesn't work.
 
Jyoti
netDev
I am having the exact same issue.  Were you able to fix this?
Jyoti Khetan
No. Same problem continues.
netDev

I got it to work by doing a simple redirect.

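<script type="text/javascript">
<!--
// URL-encode both values so characters such as & or + do not corrupt the query string
window.location = "https://www.salesforce.com/login.jsp?pw=" + encodeURIComponent(token) + "&un=" + encodeURIComponent(username);
-->
</script>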

Jyoti Khetan

Oh yeah! Nice trick..Thanks! :)

Jyoti

Sumeet

Hey

What about security? You are passing everything in the URL.

Jyoti Khetan
Not really. 
 
You use SSO in EAI scenarios where you have 2 or more systems integrated, and you use one of them for primary authentication. The rest of the systems just receive a "token" which says that the user is authenticated. This token can be a session ID.  
Here, you intend to surpass the SalesForce authentication mechanism. That's because you have another safe and trusted method of authentication in place. So what you pass to SalesForce as a password is generally a session ID (generated after authentication) which can be verified with your SSO server, and not the real password. Passing a session ID is safe as it has a time-out associated with it.
Your SSO server should be able to verify the validity of session ID and return a true or false.
 
Regards
Jyoti
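
The check described in the post above, as an added example that is not part of the original thread or Salesforce's sample code: an SSO-side store that issues the value sent as `pw` and answers true or false when the delegated-authentication service asks. `TokenStore`, the 60-second lifetime and the single-use rule are assumptions; single use goes beyond the time-out mentioned above and limits replay of a token that was recorded together with the URL.

```javascript
// Added example: SSO-server side of the token check (all names are hypothetical).
const { randomBytes, createHash, timingSafeEqual } = require('crypto');

const TOKEN_TTL_MS = 60 * 1000; // assumption: the token only has to outlive the redirect

const sha256 = (s) => createHash('sha256').update(String(s)).digest();

class TokenStore {
  constructor(now = () => Date.now()) {
    this.now = now;            // injectable clock so expiry can be exercised
    this.tokens = new Map();   // username -> { digest, expires }
  }

  // Called by the portal once it has authenticated the user itself.
  issue(username) {
    const token = randomBytes(32).toString('hex');
    // Store only a digest, so a dump of the store does not yield usable tokens.
    this.tokens.set(username, { digest: sha256(token), expires: this.now() + TOKEN_TTL_MS });
    return token;
  }

  // Called by the delegated-authentication web service: answers true or false.
  verify(username, presented) {
    const entry = this.tokens.get(username);
    if (!entry) return false;                 // unknown user, or token already used
    if (this.now() > entry.expires) {
      this.tokens.delete(username);           // timed out
      return false;
    }
    if (!timingSafeEqual(entry.digest, sha256(presented))) return false;
    this.tokens.delete(username);             // single use: a replayed URL fails
    return true;
  }
}

// Constructed scenario: first use, replay, wrong user, and expiry.
function demo() {
  let clock = 0;
  const store = new TokenStore(() => clock);
  const t1 = store.issue('alice@example.com');
  const first = store.verify('alice@example.com', t1);
  const replay = store.verify('alice@example.com', t1);
  const t2 = store.issue('alice@example.com');
  const wrongUser = store.verify('bob@example.com', t2);
  clock += TOKEN_TTL_MS + 1;
  const expired = store.verify('alice@example.com', t2);
  return { first, replay, wrongUser, expired };
}
```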
 
netDev

In addition we are using https so the transaction is encrypted.

The only problem I have left is I need SalesForce.com to return to my portal when logout occurs.  I think I am going to open in a new window rather than the current window.

Any thoughts?

Jyoti Khetan

I haven't tried this, but SalesForce help says it will work. You can set that using the following hidden field on your page.

<input type="hidden" name="logoutURL" runat="server" id="logoutURL"/>

krish_123

Can you please let me know in detail how to implement my web application SSO in SF.com?