• asingh

Hi, I am very confused.

We are using code to communicate via SAML with Salesforce.

We are trying to be an IdP and I am confused on:

1. Do I create the Cert / Keys from Salesforce? If not, then I use a CA to create, fine.

2. What is the FQDN or just domain name that should be used? x.salesforces.com ?? or my domain?

3. Do I upload the Cert or Private key to Salesforce? Then I will understand what I need on my side.

Thank you for help/understanding. These simple questions don't seem to be clear to me anywhere.

  • March 30, 2011

Hi,

I guess what I'm looking for is a dummy's explanation of what I need for an SSO configuration. I've read the articles on http://wiki.developerforce.com/index.php/How_to_Implement_Single_Sign-On_with_Force.com and http://wiki.developerforce.com/index.php/Single_Sign-On_with_SAML_on_Force.com but still have questions (I'm very new to this).

The process I need to set up is as follows:

A user clicks on a link on a 3rd party website which brings them to my salesforce.com system. It authenticates the user (details are passed in the URL) then returns the user to the 3rd party external site (using a returnurl) with some user details from Salesforce as part of the URL string.

My understanding is that SAML authentication on Salesforce.com can be set up for my part of the requirements.

On reading the above articles, it specifies "In Salesforce, specify your organization’s Single Sign-On Gateway URL by clicking Setup | Security Controls | Single Sign-On settings."

There are also examples detailed on using an identity provider and a service provider. Open source identity providers such as OpenSAML are also detailed.

Questions I have:

If the authentication is to occur on salesforce.com, do I need to set up salesforce.com as the identity provider? (It would seem to me that the 3rd party company who needs authentication from Salesforce would therefore be the service provider?)

Do I need external identity provider software/configurations (such as OpenSAML, for example) or can this be built using existing built-in Salesforce functionality?

Thanks in advance. Any help would be appreciated!