Partha
Security in delegated authentication
Hi,
I am integrating a salesforce.com site with my AD using delegated authentication. I have created the web service and deployed it in the DMZ. I have configured salesforce.com to use my web service for authentication. Everything works fine now. My concern is about the security of the web service itself. How can I restrict the web service so that it can be accessed only by salesforce.com? What are the best practices for implementing security for this web service?
Thanks
There are a couple of steps you can take. First, configure your firewall to only accept inbound connections from Salesforce.com IP addresses.
204.14.234.0/23
link: https://ws.arin.net/whois/?queryinput=204.14.234.0
and
204.14.232.0/23
link: https://ws.arin.net/whois/?queryinput=204.14.232.0
These IP blocks shouldn't change, but they might sometime in the future. If you find that you're unable to log in, you should check the firewall logs and make sure that delegated auth calls aren't coming from a different Salesforce IP.
Additionally, I would recommend configuring SSL mutual authentication as an additional layer of security. I found this community post for configuring mutual auth in Tomcat: http://community.salesforce.com/t5/Java-Development/Salesforce-Client-Certificate/m-p/40027
If you're using IIS or another web server, check the vendor's support page for a How-To guide.
Hope that helps!
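The log check suggested in the reply above, as an added example that is not part of the original post: a Python audit that flags delegated-auth requests whose source address falls outside the two ranges quoted in the reply. The log layout, the `/DelegatedAuth` path and the sample lines are assumptions constructed for this example.

```python
import ipaddress
from collections import Counter

# Ranges quoted in the reply above; confirm them against current Salesforce
# documentation before relying on them.
ALLOWED = [ipaddress.ip_network(n) for n in ("204.14.234.0/23", "204.14.232.0/23")]

# Constructed sample log. Assumed layout (hypothetical):
#   <timestamp> <source_ip> <method> <path> <status>
SAMPLE_LOG = """\
2024-01-10T08:00:01Z 204.14.234.17 POST /DelegatedAuth 200
2024-01-10T08:00:05Z 204.14.233.250 POST /DelegatedAuth 200
2024-01-10T08:01:12Z 198.51.100.23 POST /DelegatedAuth 200
2024-01-10T08:01:13Z 198.51.100.23 POST /DelegatedAuth 200
2024-01-10T08:02:40Z ::ffff:204.14.235.9 POST /DelegatedAuth 200
2024-01-10T08:03:00Z not-an-ip POST /DelegatedAuth 400
2024-01-10T08:03:30Z 204.14.236.1 POST /DelegatedAuth 200
"""

def is_allowed(addr_text):
    """True if the address is inside an allowed range; ValueError if unparseable."""
    addr = ipaddress.ip_address(addr_text)
    # Dual-stack listeners log IPv4 peers as ::ffff:a.b.c.d, so unwrap first.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in ALLOWED)

def audit(log_text, path="/DelegatedAuth"):
    """Return (Counter of out-of-range sources, line numbers that failed to parse)."""
    outside, malformed = Counter(), []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 5:
            malformed.append(lineno)
            continue
        if fields[3] != path:
            continue  # not a delegated-auth call
        try:
            if not is_allowed(fields[1]):
                outside[fields[1]] += 1
        except ValueError:
            malformed.append(lineno)  # source field is not an IP address
    return outside, malformed

if __name__ == "__main__":
    outside, malformed = audit(SAMPLE_LOG)
    for src, hits in outside.most_common():
        print(f"outside allowlist: {src} ({hits} requests)")
    print("unparseable lines:", malformed)
```

If the service sits behind a reverse proxy or load balancer, run the check on the log that records the real peer address, since the service's own log will show only the proxy.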