Sign Up ›
  • sandeep.casm
  • NEWBIE
  • 0 Points
  • Member since 2010
  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 1
    Questions
  • 1
    Replies
1 replies

SSO Federated Authentication Help needed

Hi, 

We are trying to implement the SSO using the Federated authentication (SAML)

I have following implementation Questions:

1) Using the Federated Authentication.. i have enabled all that needs to be done on Salesforce security setup option for SSO settings.. Now How can i restrict the users not to login using the regular process.

2)How can have the Per user basis SSO enabled , i see from the documentation that this kind of feature can be enabled by having a profile  with the "Is Single Sign-on" permission  feature available in Delegated SSO.

is there any thing of that sort in Federated Authentication.?

3)All of the documentation in salesforce official documentation states of enabling SSO, related to Idp Initiated SSO. what about SP-initiated SSO.. Is there somewhere  where i can get the SP-Initiated SSO documentation.. ?

If so .. (how do i have the users redirect to my login page when a user uses a bookmarked URL or where is the configuration in salesforce account where i can set up the URL for my Login page.)?

 

Would greatly appreciate your feed on the above Questions , as of now we are behind the scheduled delivery date with SSO setup with salesforce.. ??

 

Gracias,

Rao

 

5 replies

Federated SSO integration with SalesForce

Hi,

 

I am in the process of developing a Identity Solution which supports SAML 2.0 based SSO support. After implementing it, I have exploring some Service Providers who support SSO, and I found that SF supports SAML 2.0 based SSO.

 

At the moment, my implementation only supports SP initiated SSO scenario only. After going through your previous discussions and user guides, I got some knowledge about the SF's SSO support. But I have some doubts which I would like to clarify.

 

How does SP initiated SSO works for SF ? As I understand from your docs, the Identity Provider should send a SAML Assertion containing the Attribute Statement with ssoStartpage and logoutURL first. After that, whenever a user requests a protected resource, he will be redirected to Identity Providers start page. Have I understood it correctly ? If this is the approach, users have to first send the assertion with these attribute statement from the Idp.

 

It would be really helpful, if someone can explain how SP initiated SSO works for SF. 

 

Thanks in advance.

/thilina