SaintMichael
Misconceptions on SAML
With SAML, do I still need to use an LDAP server, locally?
I was thinking the big difference between federated and delegated is that delegated requires something like an LDAP server.
I was thinking that SAML allows me to keep my users in salesforce??
Am I wrong?
You don't *need* an LDAP server for SAML or Delegated Auth. For SAML, you need some sort of software that can generate a front-channel SAML assertion. This is generally called an Identity Provider. (Google SAML Identity Provider and you can see many commercial and open-source products.)
Most customers choose to integrate their Identity Provider (IDP) with their internal system of record. This is usually Active Directory or some other LDAP server. It's a convenience for single sign-on, but it's not a requirement of the SAML protocol.
So, I could use SAML with my current user table that is in salesforce?
Salesforce.com can act as a Service Provider (SP) and/or Identity Provider (IDP).
Here's a quick overview of how SAML works:
http://en.wikipedia.org/wiki/Saml
As an SP, your IDP can reference Salesforce.com usernames directly in the assertion (such as "MyUsername@MyCompany.com"), or you can choose to use an external identifier (such as employee number or internal username/ID.)
See here for a list of parameters and instructions for configuring SSO using SAML (external IDP):
https://help.salesforce.com/apex/HTViewHelpDoc?id=sso_saml_idp_values.htm&language=en
You can choose to make Salesforce.com an IDP if you have My Domains enabled.
How to set up Salesforce.com as an IDP:
https://help.salesforce.com/apex/HTViewHelpDoc?id=identity_provider_about.htm&language=en
Hope that helps!
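To make the answer above concrete, here is an added example (not from the original thread or from Salesforce) of the SP-side step it describes: taking the NameID out of an assertion and matching it against a user table either by username or by an external identifier, after checking the assertion's validity window and audience. The user table, issuer, audience and assertion XML are all constructed for illustration; XML signature verification is deliberately left out and must happen before any of this in a real SP.

```python
# Added example: Service Provider side of a SAML login. Maps <NameID> to a
# user record by username or by an external identifier (Salesforce calls this
# the Federation ID). Signature verification is NOT shown; a real SP verifies
# the assertion's XML signature before trusting any of its contents.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample user table (hypothetical), e.g. what lives in Salesforce.
USERS = [
    {"username": "alice@mycompany.com", "federation_id": "EMP-1001"},
    {"username": "bob@mycompany.com", "federation_id": "EMP-1002"},
]

# Constructed sample assertion (unsigned) as an IDP might issue it.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>EMP-1001</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2099-01-01T00:00:00Z">
    <saml:AudienceRestriction><saml:Audience>https://saml.salesforce.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _parse_ts(value):
    # SAML timestamps are UTC in ISO 8601 form; parse as timezone-aware datetimes.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def resolve_user(assertion_xml, expected_audience, use_federation_id, now=None):
    """Return the matching user dict, or None if the assertion is not acceptable."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return None
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before is None or not_on_or_after is None:
        return None
    # Reject assertions outside their validity window (expired or not yet valid).
    if not (_parse_ts(not_before) <= now < _parse_ts(not_on_or_after)):
        return None
    # Reject assertions issued for a different SP (audience restriction).
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        return None
    # The NameID is either the SP username itself or an external identifier;
    # which table column to match on is a configuration choice on the SP.
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    key = "federation_id" if use_federation_id else "username"
    return next((u for u in USERS if u[key] == name_id), None)
```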