• benvk
  • NEWBIE
  • 0 Points
  • Member since 2011


I'm trying to set up my first AppExchange listing. I've signed up as a Salesforce ISV partner, and am now setting up the APO. In order to start the security review it says "you must be a salesforce.com partner and connect your partnership information to your provider profile". I do that by clicking the link and selecting 'change partnership'.

 

I then enter my partner login (which ends in @partnerforce.com) and then the popup window closes with no error message. But the text 'No partnership selected' is still displayed.

 

Any ideas what might be going on?

 

Thanks

  • January 07, 2013

Hi,

My scenario is that I'm trying to build a service on database.com but the user interface is running elsewhere (Heroku), and I'm mostly using database.com lite profiles. I want users to be able to set themselves up with their own logins, and I am doing this through a REST call to my db.com org which goes and creates users on a private request from an admin account from my Heroku-based frontend. I'd like users to have a nice user experience during this process where I guide them through the steps and preferably not confuse them with emails from database.com/salesforce which have no context about why they are receiving an email. Therefore I thought I'd use SSO for the signup process or use SAML to completely take user signout out of the picture (which turns out to be not possible due to me not reading the whole manual :( )...

Also, does anyone have any experience around providing a nice user interface for the signup process when branding their own product but using db.com? It seems rather difficult to me to get it smooth!

 

The options I've tried are:

 

1: Just using plain database.com standard usernames + passwords, etc.
This works 'ok', but the signup process is not very nice for users for various reasons: a) I can't prompt users what's next after they receive an email from salesforce b) WTF the users are thinking - I thought I was dealing with another company c) there's a disconnect between the db.com user and my user state - if I use the login=consent for users to check that they are logging in as the relevant person (which happens for admins, etc) and they click the 'not you?' button, the user will never make it back to my domain and will get 'lost' on a database.com error page. d) similar problem if the user forgets their password, or goes clicking around on the database.com site they can get lost.


2: Using Bearer SAML
I've tried using bearer SAML, but eventually got stuck on the fine print. I thought this was perfect as someone with the correct certificates could control getting access tokens from the server for anyone, but there's a weird bit of fine print:
"A SAML OAuth 2.0 bearer assertion request looks at all the previous approvals for the user that include a refresh_token. If matching approvals are found, the values of the approved scopes are combined and an access_token is issued. If no previous approvals included a refresh_token, no approved scopes are available, and the request fails as unauthorized."

 

 

3: Federated SSO
So I thought SSO would work. I first tried the Bearer SAML approach above, but moved on as described earlier. So now the issue is to get SSO + OAuth working.

 

I've got all the pieces of the puzzle already working for some time:

* Admin users get logged on correctly using single sign on (not lite users as there is no interface so nothing to log into - thus it fails after the login)
* OAuth using web-flow works fine when SSO is not in the picture.
* OAuth + SSO works fine for admin users

 

But when I'm using a database.com lite user, I always get booted onto the SAML Single Signon 'Custom Error URL' after the SSO process is completed. Looking at the user which was logged in shows:

 

Login Type: SAML Idp Initiated SSO
Status: Failed: API-only User

 

To me this feels like a Salesforce bug. Has anyone else experienced this?

 

ben

  • December 24, 2012

Hi,

 

How can I force a user logging in with OAuth to be prompted for login instead of automatically authorizing the user? The problem comes when a user has multiple active browser sessions and has already 'allowed' the app previously to access the site.

 

If I'm logged into my dev org and pr

I'm using the web server authentication flow - using the following URL:

https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=xxx&redirect_uri=http://xxxx&display=full&immediate=false&state=xxx

 

* I've tried using immediate=false, but that makes no difference once the user has 'allowed' the app access.

* I've tried using https://login.salesforce.com/setup/secur/RemoteAccessAuthorizationPage.apexp instead of the normal https://login.salesforce.com/services/oauth2/token - this does force a prompt but then it gives me an 1800 error, whatever that is - I think that URL is for OAuth 1.0 (??).

 

Aside from being difficult when developing (since I'm logged into 1 org, and want to authenticate against another org), I think users will get confused if they are automatically logged into an org, even if they have previously allowed the app through. Also, it seems kind of random which org the user is logged into, which I wonder if this is a bug or by design?

 

Thanks

 

P.S. I love that the spell checker suggests 'salesrooms' for salesforce!

 

Ben

  • January 28, 2012

I want to get deleted records similar to the way the SOAP library .queryAll() works, or the way the [ Select ... QUERY ALL ] works in Apex. Is there a way of doing this using the REST API?

 

I've tried a few different things without any luck:

 

"/services/data/v23.0/query/?q=Select ... QUERY ALL"

"/services/data/v23.0/queryAll/?q=Select ... "

"/services/data/v23.0/query_all/?q=Select ... "

 

So for now I'm back to SOAP :(

 

 

Thanks

 

Ben

  • November 03, 2011

I am developing an app in native Force.com. First I installed Google Toolkit for Apex using this link. Then I try to authorize my app with Google following this link. When I authorize the app in a Visualforce page, an error occurs:

The page you have requested cannot be displayed. Another site was requesting access to your Google Account, but sent a malformed request. Please contact the site that you were trying to use when you received this message to inform them of the error. A detailed error message follows:

The site "http://force.com" has not been registered.

Then I try to register the app from this link, https://www.google.com/accounts/ManageDomains, but I didn't find any way. I can't upload their tag to the force.com home page. Can anyone please tell me how to get rid of this error? Please help!!

Hello everybody,

I'm trying to encrypt clear text (Test Data) using encryptWithManagedIV, and I store this in a field. In the same class, I decrypt using decryptWithManagedIV, but the decrypted text is not the same as the original text (Test Data). Why? How can I get the original data?

Here is the class I used:

 

    for (Account a : accs)
    {
        Blob key = Crypto.generateAesKey(128);
        // Generate the data to be encrypted.
        Blob data = Blob.valueOf(a.Name);
        // Generate an encrypted form of the data using base64 encoding

        // Encrypt and decrypt the data
        Blob encryptedData = Crypto.encryptWithManagedIV('AES128', key, data);

        // a.textcryptee__c=b64Data;
        String b64Data = EncodingUtil.base64Encode(data);
        a.textcryptee__c = b64Data;

        Blob decryptedData = Crypto.decryptWithManagedIV('AES128', key, encryptedData);
        String b64Decrypted = EncodingUtil.base64Encode(decryptedData);

        //String b64Decrypted = EncodingUtil.urlEncode(EncodingUtil.base64Encode(decryptedData), 'UTF-8');
        a.TextAcrypter__c = b64Decrypted;
    }

It is very urgent and I'd like to have your help ASAP.
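Added example, not part of the original post and not Salesforce's own code: in the loop above, textcryptee__c receives the base64 of the plaintext blob `data` and TextAcrypter__c receives the base64 of the decrypted blob, so neither field holds ciphertext or readable text. The sketch below stores the base64 of the ciphertext and converts the decrypted blob back with toString(); the class name, method names and sample strings are hypothetical and constructed for illustration.

```apex
// Added illustration; ManagedIvRoundTrip and its methods are hypothetical names.
public class ManagedIvRoundTrip {

    // Encrypt clear text and return base64(IV || ciphertext), which is
    // safe to store in a text field. encryptWithManagedIV generates a
    // random IV and prepends it to the returned blob.
    public static String encryptToField(Blob key, String clearText) {
        Blob cipher = Crypto.encryptWithManagedIV(
            'AES128', key, Blob.valueOf(clearText));
        return EncodingUtil.base64Encode(cipher);
    }

    // Reverse of encryptToField: base64-decode the stored value, decrypt,
    // then turn the resulting blob back into a String with toString().
    // base64-encoding the decrypted blob instead would yield the base64
    // of the text, not the text itself.
    public static String decryptFromField(Blob key, String fieldValue) {
        Blob cipher = EncodingUtil.base64Decode(fieldValue);
        Blob clear = Crypto.decryptWithManagedIV('AES128', key, cipher);
        return clear.toString();
    }

    public static void demo() {
        // One key for all values, created outside the loop so the same key
        // is available for decryption.
        Blob key = Crypto.generateAesKey(128);

        // Constructed sample values, including non-ASCII text.
        List<String> names = new List<String>{ 'Test Data', 'Société Exemple' };
        for (String name : names) {
            String stored = encryptToField(key, name);
            // The stored value must not be the base64 of the plaintext.
            System.assertNotEquals(
                EncodingUtil.base64Encode(Blob.valueOf(name)), stored);
            // Round trip returns the original text.
            System.assertEquals(name, decryptFromField(key, stored));
        }

        // Random IV: encrypting the same text twice gives different output.
        System.assertNotEquals(
            encryptToField(key, 'Test Data'),
            encryptToField(key, 'Test Data'));
    }
}
```

The key in the post is generated inside the loop and never saved, so a value encrypted that way could not be decrypted in a later transaction; the key has to be kept somewhere protected and reused.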

 

 

For some obscure reason you can no longer grant access to custom objects to the standard user profile. I am not going to rant about how stupid this is (though I feel like it) but I wanted to keep compatible and allow the use of the Apex code even for standard users. So I would like to detect the standard profiles (i.e. those that Salesforce does not allow to gain access to custom objects). All I could come up with is to test on the profile names:

 

    public boolean isStandardUserProfile ()
    {
        String ProfId= UserInfo.getProfileId();
        List<Profile> lstP = [select name from Profile where id =: ProfId];        
        Profile p = lstP [0];
        return p.name == 'Standard user' || p.name == 'Marketing User' || p.name == 'Contract Manager' || p.name == 'Solution Manager';        
    }

 

But this is not very clean, and what is worse, it doesn't even work if the user has a language other than English configured, as apparently even the profile names are translated.

What can I do? All I need is to be able to make the distinction between a user not having access to the custom object because his profile is configured not to allow access and users from a standard profile where Salesforce does not allow you to configure access. Note that this is really inconsistent, as they allow you to edit the field-level security of custom objects for standard users, but you can never test on these settings as the access to the object is disabled.

Hi,

I need to set up an intranet site which will not hold any user accounts and will instead use Salesforce as the identity provider, despite the login actually being instigated from the intranet (service provider) site.

 

Follow-on question:

Following the authentication we need to communicate with the Salesforce API using the credentials/token from the initial login.

 

Is it possible to work in this way and has anyone got any experience of doing something along these lines or is there a better way?

 

All help and comments very much appreciated!

 

Hi,

 

We have Salesforce set up to SSO against our SAML IDP server. Login works, but we would like Salesforce to respect single logouts that are initiated by our IDP or a different SP. Does Salesforce support <samlp:LogoutRequest> requests?

 

Thanks.

  • November 03, 2012