• AminY
  • Member since 2012


Hi,

My story is a little bit long; I appreciate the time you put into reading it.

I'm using the Partner WSDL with OAuth2.

My workflow is like this:

I get the refresh token and access token (redirecting the user and getting the authorization, etc.).

I put the access token in sessionId for the Partner WSDL, and then run some queries.

After that I log out by calling partnerconnection.logout()

(I know that this will invalidate the session and expire my access token.)

In the second run of my program, I try the access token and it fails (which is what I expect).

Then I try to get a new access token using my refresh token, but it fails with error 400 (no message, which makes it hard to debug).

In the second workflow:

I didn't call logout, but waited for two hours, which will invalidate the access token.

It failed when I tried the access token (expected),

and it succeeded in generating a new access token using my refresh token.

Is there something special about logout which causes this behaviour?

How can I fix it?

  • February 27, 2012

Hello,

I have used Salesforce as an IdP before and I'm familiar with the process, which includes creating an IdP, SP, etc.

What I'm wondering is how I can create an app (that people can install) and still use Salesforce as the IdP.

Should I (somehow) create an IdP on each of their orgs?

I know that for remote access, if I create one remote access and include that in my app when packaging, then that remote access will be shared for all users. Is there a similar process for IdP?

  • February 06, 2012

Hello,

I have used Salesforce as an IdP before and I'm familiar with the process, which includes creating an IdP, SP, etc.

What I'm wondering is how I can create an app (that people can install) and still use Salesforce as the IdP.

Should I (somehow) create an IdP on each of their orgs?

I know that for remote access, if I create one remote access and include that in my app when packaging, then that remote access will be shared for all users. Is there a similar process for IdP?

  • February 04, 2012

Hi,

I have a question about ISV apps.

Is it possible to access users' data from an ISV app?

I want to make REST calls to a user's account (after the user has installed the app).

I don't want to ask for the user's username, password or token. Is there any way to do this?

Thanks in advance,

AminY

  • February 02, 2012


Is it possible for Salesforce configured as an IdP to send custom attributes, like say organization or manager Id, in the SAML response from Salesforce?

Morning All

Scenario: I have a JavaScript app running in a home page component. It acts as the front end for a telephony application in the cloud, which accesses Salesforce via the API.

I have set up my Salesforce account as an IdP and I have SSO working in my cloud app via simplesamlphp. The question is, can I use this method of authentication to access the API? Currently the user has to effectively log in twice (though we cache the credentials) and this is a pain from both the admin and security standpoint.

In our business scenario, setting ourselves up as an IdP for Salesforce is unlikely to be acceptable to our customers.

So what I would like to happen is:

1. The user logs in to the Salesforce UI.

2. When the home page loads, our JavaScript app carries some metadata to our web service, which then somehow leverages SSO to log into the API, effectively as the logged-in user.

Is this possible?

Thanks

Jim

  • August 26, 2011

There is lots of good information on developer.force.com about SSO and Salesforce as the service provider, but I can't find any information on using Salesforce as the identity provider to another service. I would like to be able to use my Salesforce user and contact objects as my identity store for an outside application. Can it be done? Do I have to roll my own SAML SSO service within Salesforce to get the job done? What kind of license agreement issues would I have to deal with?

Any thoughts?

  • August 02, 2010