function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Ben Jones, CollabraxBen Jones, Collabrax 

Enable Auth. Providers for Salesforce Communities Help

I am trying to setup SSO for Salesforce Communities where the Auth Provider is Salesforce.  So, Salesforce users from other org will be signing on to my Communities pages.  I have followed mostly the steps described in this article (http://wiki.developerforce.com/page/Salesforce_as_an_Identity_Provider_for_Customer_Portal).

 

I have a Connected App to get the Consumer Key, Secret, and Callback URL.  I then setup an Auth Provider as Salesforce and for the RegistrationHandler, I clicked the option to "Automatically create a registration handler template".  The resulting Class was created.  I'm not fluent in APEX, so I don't know if this code alone should work or if it requires modification.  Note in all cases for my SSO, the person logging into my Community will already have been given Community access and Community User will exist, so I don't need the Handler to create a user; just find one.

 

The error I'm getting when the person tries to connect is...

 

https://collabrax.force.com/success/_nc_external/identity/sso/ui/AuthorizationError?ErrorCode=NO_ACCESS&ErrorDescription=Unable+to+find+a+user&startURL=%2Fsuccess%2F
 
I thought perhaps I didn't need the Handler, but when I take it out the error is...
 
https://collabrax.force.com/success/_nc_external/identity/sso/ui/AuthorizationError?ErrorCode=NO_REGISTRATION_HANDLER&startURL=%2Fsuccess%2Fhome%2Fhome.jsp
 
So, I think the problem is tied to my Handler Class.  Can anyone help based on my requirements?

 

 

//TODO:This autogenerated class includes the basics for a Registration
//Handler class. You will need to customize it to ensure it meets your needs and
//the data provided by the third party.

global class AutocreatedRegHandler1384140305788 implements Auth.RegistrationHandler{
global boolean canCreateUser(Auth.UserData data) {
  //TODO: Check whether we want to allow creation of a user with this data
  //Set<String> s = new Set<String>{'usernamea', 'usernameb', 'usernamec'};
  //if(s.contains(data.username)) {
    //return true;
  //}
  return false;
}

global User createUser(Id portalId, Auth.UserData data){
  if(!canCreateUser(data)) {
    //Returning null or throwing an exception fails the SSO flow
    return null;
  }
  if(data.attributeMap.containsKey('sfdc_networkid')) {
    //We have a community id, so create a user with community access
    //TODO: Get an actual account
    Account a = [SELECT Id FROM account WHERE name='Acme'];
    Contact c = new Contact();
    c.accountId = a.Id;
    c.email = data.email;
    c.firstName = data.firstName;
    c.lastName = data.lastName;
    insert(c);

    //TODO: Customize the username and profile. Also check that the username doesn't already exist and
    //possibly ensure there are enough org licenses to create a user. Must be 80 characters or less.
    User u = new User();
    Profile p = [SELECT Id FROM profile WHERE name='Customer Portal User'];
    u.username = data.username + '@acmecorp.com';
    u.email = data.email;
    u.lastName = data.lastName;
    u.firstName = data.firstName;
    String alias = data.username;
    //Alias must be 8 characters or less
    if(alias.length() > 8) {
      alias = alias.substring(0, 8);
    }
    u.alias = alias;
    u.languagelocalekey = UserInfo.getLocale();
    u.localesidkey = UserInfo.getLocale();
    u.emailEncodingKey = 'UTF-8';
    u.timeZoneSidKey = 'America/Los_Angeles';
    u.profileId = p.Id;
    u.contactId = c.Id;
    return u;
  } else {
    //This is not a community, so create a regular standard user
    User u = new User();
    Profile p = [SELECT Id FROM profile WHERE name='Standard User'];
    //TODO: Customize the username. Also check that the username doesn't already exist and
    //possibly ensure there are enough org licenses to create a user. Must be 80 characters
    //or less.
    u.username = data.username + '@myorg.com';
    u.email = data.email;
    u.lastName = data.lastName;
    u.firstName = data.firstName;
    String alias = data.username;
    //Alias must be 8 characters or less
    if(alias.length() > 8) {
      alias = alias.substring(0, 8);
    }
    u.alias = alias;
    u.languagelocalekey = UserInfo.getLocale();
    u.localesidkey = UserInfo.getLocale();
    u.emailEncodingKey = 'UTF-8';
    u.timeZoneSidKey = 'America/Los_Angeles';
    u.profileId = p.Id;
    return u;
  }
}

global void updateUser(Id userId, Id portalId, Auth.UserData data){
  User u = new User(id=userId);
  //TODO: Customize the username. Must be 80 characters or less.
  //u.username = data.username + '@myorg.com';
  u.email = data.email;
  u.lastName = data.lastName;
  u.firstName = data.firstName;
  //String alias = data.username;
  //Alias must be 8 characters or less
  //if(alias.length() > 8) {
    //alias = alias.substring(0, 8);
  //}
  //u.alias = alias;
  update(u);
}
}

lkatneylkatney
Hey,

We are struggling with the same issue while using Gmail openId authorization. we found that the following code was returning null always 

if(!canCreateUser(data)) {
    //Returning null or throwing an exception fails the SSO flow
    return null;
  }

we changed it to return the specific user with email(got from gmail) and that fixed this issue. Modified code:

if(!canCreateUser(data)) {
        //Returning null or throwing an exception fails the SSO flow
       
        User u = [Select Id , username from User where email =: data.email];
        return u;
    }


Hope this helps!!

Special thanks to my friend 'Vishal Singh' who raised this issue and help me out to resolve this.
Prashant Bhure 28Prashant Bhure 28
Thank you lkatney! 

I just ran into the same issue and your response helped me resolve the issue!