inJames

Outlook Connector SSO Help

We've implemented an SSO Federated solution for our Salesforce org and I am now attempting to make it work with the Outlook connector. I've found a Salesforce ppt (http://www.salesforce.com/community/assets/docs/Best_Practice_-_Connect_Outlook_3.0.ppt) that says that SSO is supported with Outlook and to see Solution 0005628 for details. I don't know how to find that solution.

I've also found this page that gives it an overview (http://wiki.developerforce.com/index.php/Single_Sign-On_for_Salesforce_Clients) and I would like to implement the solution #3 in the overview section of this document. My question is how do I create the proxy with NTLM as described in this document?  Is there a sample of this available and how do I find the solution identified in the power point?

r2

This is the solution:

Force.com Connect for Lotus Notes, Force.com Connect for Microsoft Outlook v2.x, 3.x and Force.com Offline 2.0 support a registry setting to allow for the development of a Desktop Client Proxy which intercepts the standard login request to support token-based login to salesforce.com.

The login process for the desktop clients then becomes:

1. The salesforce.com desktop client sends a login request to the Desktop Client Proxy
2. The Desktop Client Proxy extracts the username and password and sends them to the Token Generator
3. The Token Generator validates the credentials and replies to the Desktop Client Proxy with the single-use token
4. The Desktop Client Proxy replaces the corporate password in the login request with the token and sends a secure login call to salesforce.com
5. Salesforce.com sends a request to the Authentication Proxy to validate the token and after successful authentication, the Authentication Proxy replies to salesforce.com
6. After successful authentication, salesforce.com replies to the Desktop Client Proxy
7. The Desktop Client Proxy passes the response back to the desktop client, and the user is authenticated

The registry setting is:
HKEY_LOCAL_MACHINE\Software\salesforce.com\OfficeToolkit\ServerUrl

The server URL will receive the login SOAP packet and will need to extract the necessary details to generate the one time use token, amend the SOAP packet and send it on to https://www.salesforce.com/services/Soap/c/6.0

Once the response comes back it needs to forward the response SOAP packet to the desktop client.

Placing the Desktop Client Proxy either inside the corporate network or within the DMZ would control the level of accessibility of the desktop products. For example, placing the Desktop Client Proxy within the corporate network would allow a customer to control access to the salesforce.com desktop products to corporate PCs on the network or VPN.

Details on the SOAP messages...

The login html/soap looks like:

POST /services/Soap/c/6.0 HTTP/1.1
Connection: timeout=1
SOAPAction: ""
Accept-Encoding: gzip
Content-Length: 662
User-Agent: SForceOfficeToolkit (MSIE 6.0.2800.1106; Windows NT 5.1 build 2600)
Host: www.salesforce.com
Cache-Control: no-cache
Cookie: noAds=true


Offline Client/200100growe@genwatt.com21plus21

Ordinarily this is sent to 

https://www.salesforce.com/services/Soap/c/6.0

but by setting the server URL registry setting, it will come to the desktop proxy.

You will need to extract the password field and use the information from this SOAP message to call your token generator, then replace the sfdc:password field with your one-time-use token and send it on to https://www.salesforce.com/services/Soap/c/6.0

The response coming back is:

HTTP/1.1 200 OK
Server: Resin/3.0.12
Connection: close
Content-Type: text/xml; charset=utf-8
Connection: close
Transfer-Encoding: chunked
Date: Mon, 22 Aug 2005 13:39:15 GMT

04d5


false
https://na1-api.salesforce.com/services/Soap/c/6.0
Gl8hFOI_DK8AuC97Y0ZceNvGRkZiefLO6B0fcPR95nefYenQnz5J1aNSjp2djiR27AOU9cRcRyWUsNjBux8nJhhD2wYHcrlK4SNdGN37zi4=
00530000000cczLAAQ


00D300000000JvcEAE
true
TF & S
USD
growe@salesforce.com
Graham Rowe
00530000000cczLAAQ
en_US
en_GB
Europe/London

This response needs to be forwarded back to the desktop client. 
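
Added example, not part of the post above and not Salesforce's own code: a sketch of the rewrite step the Desktop Client Proxy performs on the login SOAP packet before forwarding it. The envelope layout, the `urn:enterprise.soap.sforce.com` namespace for the `sfdc:` prefix, and the names `rewrite_login` and `demo_token_generator` are assumptions; the sample envelope and credentials are constructed.

```python
import hmac
import secrets
import xml.etree.ElementTree as ET

SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"
SFDC = "{urn:enterprise.soap.sforce.com}"  # assumed namespace for the sfdc: prefix
UPSTREAM = "https://www.salesforce.com/services/Soap/c/6.0"  # fixed target named in the post

# Constructed login envelope (element layout is an assumption, not captured traffic).
SAMPLE_LOGIN = (
    b'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"'
    b' xmlns:sfdc="urn:enterprise.soap.sforce.com"><soapenv:Body><sfdc:login>'
    b"<sfdc:username>user@example.com</sfdc:username>"
    b"<sfdc:password>corp-password</sfdc:password>"
    b"</sfdc:login></soapenv:Body></soapenv:Envelope>"
)

def demo_token_generator(username, password):
    """Hypothetical Token Generator: check constructed credentials, mint a single-use token."""
    directory = {"user@example.com": "corp-password"}  # constructed test data
    expected = directory.get(username, "")
    if expected and hmac.compare_digest(expected.encode(), password.encode()):
        return secrets.token_urlsafe(32)
    return None

def rewrite_login(body, token_generator=demo_token_generator):
    """Return (url, headers, body) for the upstream call, password swapped for a token."""
    if b"<!DOCTYPE" in body.upper():
        raise ValueError("DTDs are not accepted")  # blocks entity-expansion payloads
    root = ET.fromstring(body)
    logins = root.findall(f"{SOAP}Body/{SFDC}login")
    if len(logins) != 1:
        raise ValueError("expected exactly one login call")
    users = logins[0].findall(f"{SFDC}username")
    passwords = logins[0].findall(f"{SFDC}password")
    if len(users) != 1 or len(passwords) != 1:
        raise ValueError("ambiguous or missing credentials")
    token = token_generator(users[0].text or "", passwords[0].text or "")
    if not token:
        raise PermissionError("credentials rejected")  # never forward a failed login
    passwords[0].text = token  # the corporate password stops at the proxy
    out = ET.tostring(root, encoding="utf-8")  # prefixes may be renamed; namespaces are kept
    headers = {
        "Content-Type": "text/xml; charset=utf-8",
        "SOAPAction": '""',
        "Content-Length": str(len(out)),  # recomputed: the body length changed
    }
    return UPSTREAM, headers, out
```

The destination is a constant rather than anything taken from the request, so a client cannot steer the proxy to another host, and the password is neither logged nor forwarded.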

gsulcer

I'm working on this same thing. We have delegated authentication working successfully for single sign-on and are now attempting to get the outlook add-in to use single sign-on.

In the sample soap login/html POST, you show the content sent as: Offline Client/200100growe@genwatt.com21plus21

However, using Fiddler to monitor the requests, what I see on my machine is not a simple string of username and password, but instead what appears to be an encrypted string. How is this string meant to be decrypted?