You need to sign in to do that
Don't have an account?
ChamingaD2
Salesforce SSO with Google App Engine
I wanna intergrate SSO between Salesforce and Google App Engine (Java).
Followed all steps in Google App Engine set up but I'm trouble finding where to enable SSO in Salesforce.
http://code.google.com/p/sfdc-gae-sso-delegated-auth/wiki/Setup
How can i do this ? Gimme easy steps.
Thanks in Advance :)
Hi - detailed steps for setting up the Salesforce end of this are at https://login.salesforce.com/help/doc/en/sso_delauthentication_configuring.htm - note step 1: "Contact salesforce.com to enable delegated authentication single sign-on for your organization." - you'll need to call the support number or email support@salesforce.com.
What i wanna do is ...
After clicking button on Salesforce CRM it should automaticly logged into Google App Engine application with SSO
Is it possible to do ? And how to do it ?
You may be able to use Salesforce as a SAML 2.0 identity provider (see https://login.salesforce.com/help/doc/en/identity_provider_about.htm) to access Google as a SAML 2.0 service provider (see http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html), then use the GAE users service to get the user's identity in your app (see http://code.google.com/appengine/docs/java/gettingstarted/usingusers.html).
I haven't tried any of this, but it looks like it might work.
The code you are refering to (on code share) works the other way around, log into Google first then click on a link to get into salesforce.
Yea, How to do it in way i want ?
Hi ChamingaD23 - I gave you three steps that you could try to get this working. I can try this out myself and post the results here, but, unfortunately, I won't be able to do that for a few days.
Hi ChamingaD2,
I would look at the methods that Pat described if you need it this way around.
That being said why wouldn't the other way work, first log into Google App Engine then into salesforce, once this has been done any time you click out of salesforce into Google App Engine you will already logged on into the Google App Engine.
Hi Patterson
I have a requirement that when the user click the gmail link on VF page, it lands into their gmail inbox without asking his gmail password.So i tried the SSO between salesforce and google apps
At first I had set IDP as salesforce then In google apps I activate the single sign on option and uploaded the certificate over there. I set google as service provider in salesforce
I think all Steps are over But the sigle sign on doesn't works The sso url pushes me to the login page of google instead of going into google apps without authentication. Please provide me the solution.
Thanks in advance....
Thanks
Marris
Hi Marris,
First of all, how are you linking identities from Salesforce to Google? Double check the configuration in the SP configuration at Salesforce - have you set 'Subject Type' correctly? I haven't been able to find detailed docs for the Google SAML Service Provider, but the most likely configuration would be the 'username' subject type, assuming usernames correspond across Google and Salesforce. Also check that the ACS URL is set to https://www.google.com/a/domain.com/acs, substituting your domain for 'domain.com'.
If it's still not working, you should capture the HTTP traffic in your browser using a tool such as LiveHTTPHeaders, ieHTTPheaders or chrome://net-internals/ in Chrome (uncheck 'Strip private information (cookies and credentials).' to see all the relevant detail). You should be able to trace through the SAML interation to see where the problem is.
See Single Sign-On with Force.com and Microsoft Active Directory Federation Services for a similar interaction between AD FS and Salesforce.
Good luck!
Pat
Here are our official docs on this:
https://na1.salesforce.com/help/doc/en/identity_provider_examples.htm#sp_google_example_title
Hi chuckmortimore
Thanks for the help. I tried that official docs in my google apps and salesforce but it is not working. I finished the identity provider and service provider steps then on google apps made sso on . On testing this using their steps it is not working. It doesnt redirect the page from google to salesforce. Any more stuffs do you have? Please provide me a help
Thanks
Marris
You'd have to provide more information on where/how it's failing. There simply isn't enough information here to diagnose
Hi
I set the service provider as google apps and acs url as www.google.com/a/mycompany.com, entity id as google.com and saved it
Then I set identity provider as salesforce.com as the steps given in that docs, I set google apps single sign on and given all the necessary url then uploaded the salesforce cert. there
I set mycompany email id in federation Id column of user object.
After finishing all this I typed my google apps url in browser. Instead of redirection to salesforce on login it simply goes to google apps as such. This is the problem i am facing
Thanks
Marris
Hi
I followed the doc very carefully and again i done these setting Now when i type my google apps link in browser it goes into salesforce login page . There I entered my salesforce credentials after that it has to go to google apps gmail inbox but it goes again to login page of google apps why?
Thanks
Marris
It seems like it's doing part of the SSO process now. Use one of the tools I posted links to earlier to examine the HTTP flow.
Perhaps list all your settings on both sides, and we can compare with what we have. Feel free to direct message me if you'd prefer to not post on the public board
HI Patterson
I will check it out
Thanks
Marris
can you explain me in detail how it works...i have already created an identity provider..whats the next step?
From the instructions in setup -
salesforce.com set up
Which step are you stuck on?
https://developers.google.com/appengine/docs/java/tools/eclipse
I have followed this link.....and all i have done is to obtain an identity provider in google app..which is
http://yudishramdowar.appspot.com/guestbook
I have not yet configured SSO on salesforce..(setup-> security controls--> single sign on settings)It is asking me for a certificate. I dnt have that certificate and i have no xml in my eclipse so that when i click a link...i'l redirected to salesforce..
There are a few ways you can setup SSO in salesforce.
The code mentioned is using the delegated authenication mechanism. You can also do SSO with SAML (the more modern way)
From looking at how you are trying to configure it looks like you are trying to do it with SAML, in which case the code mentioned does not provide you with anything.
If you are happy to go witth delegated authenication follow the instructions to the letter and you should be fine.
Hello, I', trying your example.Already contacted salesforce to activate my delegate authentication. I have already done the salesforce set up. I'm getting problem with the
Google App Engine set up
I'm getting this error...
Error: Server Error The server encountered an error and could not complete your request.
If the problem persists, please report your problem and mention this error message and the query that caused it.
Since i'm testing it on my salesforce sandbox..I changed the salesforceLoginURL = "https://test.salesforce.com"; in Login.java.....I don't knw how to solve this issue. Please help!!
At what step are you getting the error you mentioned?
when i go to this link...
http://developer.force.com/projectpage?id=a063000000CVXDRAA5
do you have a complete package that i can upload directly into my eclipse.?
I have created the 5 java classes...and put my application id in the xml file..
I thk i'm getting problem in step 1.
I don't really know at what step the error is coming. Can you please tell the order of the 5 classes..I'l try to debug it....
Check out http://developer.force.com/cookbook/recipe/enabling-single-sign-on-with-the-force-com-platform it has a nice diagram at the end to show the flow of information for delegated authenication.
I have already read these documents..but what i really need is that the user must be able to sign in to salesforce using the google app. Excatly what you have. I can't understand how to solve this...
So its the stage "Google App Engine set up" you are have challenges with?
Does the "Test it is working by logging into "https://your_google_app_name.appspot.com" with Google user name. Where your_google_app_name is the Google App Engine application you have created" work for you?
Did you also copy the lib across in step 7.2 in "Google App Engine set up"
yea right...I'm having problem with the Google ap engine set up.Yes I have my application id. For step 7.2 i created a new project copy the xml file and add my application id to it.then upload the project.. but i'm still getting the error..
Error: Server Error The server encountered an error and could not complete your request.
This is my xml file: appengine-web.xml
<?xml version="1.0" encoding="utf-8"?>
<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
<application>yudishramdowar1</application>
<version>1</version>
<!--
Allows App Engine to send multiple requests to one instance in parallel:
-->
<threadsafe>true</threadsafe>
<!-- Configure java.util.logging -->
<system-properties>
<property name="java.util.logging.config.file" value="WEB-INF/logging.properties"/>
</system-properties>
</appengine-web-app>
Yes, the test "https://your_google_app_name.appspot.com" work for me....there is an example hello world when i create a new project...i start getting the error when i copy the 5 java file into the project.
Link for my delegated authentication on salesforce is
https://yudishramdowar1.appspot.com/authority
I'm i doing somethng wrong...??
So from looking at http://yudishramdowar1.appspot.com/ it appears that the app is not at the root level. If it was you would have got 403 Forbidden message. For this url.
Typing in http://yudishramdowar1.appspot.com/home would have given you a page to log into.
Somehow in the app engine config you need to get it to properly point to the app rather than have it embedded as a link of the main page. It's been a while since played with the app engine so not sure how to do this.
I will update the setup instructions to get everyone to test with /home instead.
The app with the http://yudishramdowar1.appspot.com/home
dispay an error again...
Error: Not Found The requested URL /home was not found on this server.
I don't get any salesforce link. But i think it makes sense if i cn't access my project "SVN Project"
I'll not be able to access its content as well.
The app with this url http://yudishramdowar1.appspot.com/
displays the following:
Hello App Engine!
SVN_Project
Yes if u cn please modify it...thank you
So I've only modified the instructions.
You still need to make the google app engine point to the app correctly. Not have it embedded as as link on the home page. I've not been in google apps for a while so not sure how to do this. When you have done this the /home link should work.
I have done the /home but still getting the error..what did you mean by my app is not at the root level..and if its not at the root level how to do this. if you want you can add me on skype please..we can discuss on that..
Skype name: yudish.ramdowar1
The default home page (hello world) should not be appearing, only the installed app. This is not the case with your instance. It's been a long while since I've used google app engine and not sure what you need to do inside google app engine to get it to correctly point to the installed app as opposed to the default app.
Hello i find a log file...on my google app and its displaying these errors...
Can you please help?
If you have Google Apps and Salesforce, you might be interested in our latest product, The Scoop Composer (http://www.cloudgizmos.com/salesforce-gmail-integration), which integrates the two. Not only does it contain a contextual gadget that shows you the relevant Salesforce info at the bottom of every Gmail, but it is a productivity tool that allows users to seamlessly traverse between the Gmail and Salesforce, instantly logging calls, attaching emails, and pull new prospects into Salesforce straight from their inbox. Like Salesforce, our customers are primarily security-aware enterprise businesses (Google was our first customer). Feel free to contact us if this is of interest. Regards, Rachel (from CloudGizmos).