function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Jyoti KhetanJyoti Khetan 

Single Sign on using POST request

My organization is using the platform for an application. I am trying to implement the Single sign on in
I got the SSO enabled from Then I set up a web service for delegated authentication as per the WSDL released by
I turned on "Single sign-on" feature for my user profiles. I developed an ASP.NET web page that submits a POST request to as given in the sample code by Heres the code:

<body onload="document.loginForm.submit();">

<form action="" method="POST" id="login" name="login">

<input type="hidden" name="un" runat="server" id="username"/>

<input type="hidden" name="pw" runat="server" id="token"/>

<input type="hidden" name="startURL" runat="server" id="startURL"/>

<input type="hidden" name="logoutURL" runat="server" id="logoutURL"/>

<input type="hidden" name="ssoStartPage" runat="server" id="ssoStartPage"/>

<input type="hidden" name="jse" value="0" id="jse"/>

<input type="hidden" name="rememberUn" value="1"/>

<script language="Javascript1.2" type="text/javascript">

document.getElementById("jse").value = 1;




The problem is that the login does not happen. I get the login page again after the post request, populated with the username. However, when I enter the password, I am able to login successfully.

Can somone help me please? We are applying for the enterprise edition, and without this, we can't be sure.

Thanks in advance,

Jyoti Khetan

Jyoti KhetanJyoti Khetan

correction in code. I am using

<body onload="document.login.submit();">

but its doesnt work.
I am having the exact same issue.  Were you able to fix this?
Jyoti KhetanJyoti Khetan
No. Same problem continues.

I got it to work by doing a simple redirect.

<script type="text/javascript">


window.location = "" + token +"&un=" + username



Jyoti KhetanJyoti Khetan

Oh yeah! Nice trick..Thanks! :)




What about security. You are passing everything in URL

Jyoti KhetanJyoti Khetan
Not really. 
You use SSO in EAI scenarios where you have 2 or more systems integrated,and you use one of them for primary authentication. The rest of the systems just receive a "token" which says that the user is authenticated. This token can be a session ID.  
Here, you intend to surpass the SalesForce authentication mechanism. Thats b'coz you have another safe and trusted method of authentication in place. So what you pass to SalesForce as a password is generally a session ID (generated after authentication) which can be verified with your SSO server, and not the real password. Passing a session ID is safe as it has a time-out associated with it.
Your SSO server should be able to verify the validity of session ID and return a true or false.

In addition we are using https so the transaction is encrypted.

The only problem I have left is I need to return to my portal when logout occurs.  I think I am going to open in a new window rather than the current window.

Any thoughts?

Jyoti KhetanJyoti Khetan

I haven't tried this, but SalesForce help says it will work. You can set that using the following hidden field on your page.

<input type="hidden" name="logoutURL" runat="server" id="logoutURL"/>


Can You please let me know in details how to implement my web application SSO in