• GHping
  • NEWBIE
  • 0 Points
  • Member since 2010


Hi,

 

We are using Ping Identity (SAML 2.0) for SSO into sites. The site is associated with a partner portal. If I don't give siteURL I'm able to successfully log in to the partner portal. However, if I use SiteURL I'm getting a "Replay Detected" error. It logs in and I guess somehow a new request is coming in. Below is the error and SAML assertion.

 

Time                        Source IP       Type            Status                    Application
8/19/2010 10:12:55 PM PDT   58.32.239.82    SAML Site SSO   Failed: Replay Detected   cs3.salesforce.com
8/19/2010 10:12:52 PM PDT   58.32.239.82    SAML Site SSO   Success                   cs3.salesforce.com

 

 <Response IssueInstant="2010-08-20T04:42:45.371Z" ID="jxF4EUmkBlHYokyA91_c5F7RssS" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Issuer>https://ssod1.xxxxxxxx.com/saml2</saml:Issuer>
  <Status>
    <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </Status>
  <saml:Assertion Version="2.0" IssueInstant="2010-08-20T04:42:45.373Z" ID="t74fyF1Bax6ZZ8gIFIAU.ChQsTE">
    <saml:Issuer>https://ssod1.xxxxxxxx.com/saml2</saml:Issuer>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference URI="#t74fyF1Bax6ZZ8gIFIAU.ChQsTE">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue>6hmEvvGmeN/Ukz1u/yeeivegMz4=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>WMLxDMqHXteSmt5Z4AL81jPYjOF5hk9oT6pA4l4a24bhhC9XYH6JbHw9Ln4CXwAwpDebUwtCWa1N
NZkwGa6U4PhlXn6Xlnazc/JuEz51hWemkINiBQOWFlqLyEUhv7yiKAKGQJE8nIR+pkOC+NU+1f/p
jUt29UdCMirSJZ/gO+0=</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">200709120228664</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2010-08-20T04:46:45.374Z" Recipient="https://cs3.salesforce.com/?saml=MgoTx78aEPC5RZR2VydTkscLHwiqT5gc8SMOClzEN0Sj4oKjpfyR.xxxxxxxxxxxxxxxxxx=="/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotOnOrAfter="2010-08-20T04:46:45.374Z" NotBefore="2010-08-20T04:41:45.374Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://saml.salesforce.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2010-08-20T04:42:45.373Z" SessionIndex="t74fyF1Bax6ZZ8gIFIAU.ChQsTE">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema">
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="siteUrl">
        <saml:AttributeValue xsi:type="xs:string">https://xxxxxxxxsupport.xxxxsfdev.cs3.force.com/ppSiteLogin</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="GUID">
        <saml:AttributeValue xsi:type="xs:string">200709120228664</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="portal_id">
        <saml:AttributeValue xsi:type="xs:string">060300000005W44</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="organization_id">
        <saml:AttributeValue xsi:type="xs:string">00DQ0000000AnvB</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="startUrl">
        <saml:AttributeValue xsi:type="xs:string">pphomepagelinks</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="userId">
        <saml:AttributeValue xsi:type="xs:string">rluke</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="SFDC_USER_ID">
        <saml:AttributeValue xsi:type="xs:string">200709120228664@xxxxxxxx.com.xxxxsfdev</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="userType">
        <saml:AttributeValue xsi:type="xs:string">external</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</Response>

entityId: https://saml.salesforce.com (SP)
Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
relayState: https://xxxxxxxxsupport.xxxxsfdev.cs3.force.com
Endpoint: https://cs3.salesforce.com/?saml=MgoTx78aEPC5RZR2VydTkscLHwiqT5gc8SMOClzEN0Sj4oKjpfyR.cZYMP5e5V0thmAA14D6E2YV1XZYwty==
SignaturePolicy: DO_NOT_SIGN

  • August 20, 2010
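The log above shows exactly what a service provider's replay protection is supposed to do: the first POST of the Response at 10:12:52 succeeds, and a second POST of the same assertion three seconds later is rejected, because a bearer assertion is single-use and the SP remembers its ID until its NotOnOrAfter time passes. The following added example (illustrative code, not Salesforce's or Ping Identity's implementation) walks through the SP-side checks on a Response shaped like the one in the post: IdP status, Conditions validity window, AudienceRestriction, SubjectConfirmationData Recipient, and finally a replay cache keyed on the assertion ID. The embedded Response is constructed for the example, with the page's timestamps and audience but placeholder issuer, IDs and ACS URL; the IdP signature is omitted and signature verification is out of scope here, although a real SP must verify ds:Signature before trusting any of these fields.

```python
"""SP-side SAML 2.0 bearer-assertion checks with a replay cache (added example)."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: same shape and timestamps as the Response in the post,
# with placeholder issuer, IDs and Recipient, and no ds:Signature element.
SP_ENTITY_ID = "https://saml.salesforce.com"
ACS_URL = "https://sp.example.com/acs"  # placeholder for the SP's ACS endpoint
SAMPLE_RESPONSE = """<Response ID="_resp1" Version="2.0" IssueInstant="2010-08-20T04:42:45.371Z"
    xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.com/saml2</saml:Issuer>
  <Status><StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></Status>
  <saml:Assertion ID="_assert1" Version="2.0" IssueInstant="2010-08-20T04:42:45.373Z">
    <saml:Issuer>https://idp.example.com/saml2</saml:Issuer>
    <saml:Subject>
      <saml:NameID>200709120228664</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2010-08-20T04:46:45.374Z"
            Recipient="https://sp.example.com/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2010-08-20T04:41:45.374Z" NotOnOrAfter="2010-08-20T04:46:45.374Z">
      <saml:AudienceRestriction><saml:Audience>https://saml.salesforce.com</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</Response>"""


def _ts(value):
    """Parse a SAML xs:dateTime (UTC, trailing Z, optional fractional seconds)."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unparseable SAML dateTime: " + value)


class ReplayCache:
    """Remembers consumed assertion IDs until their NotOnOrAfter has passed."""

    def __init__(self):
        self._seen = {}  # assertion ID -> expiry (aware datetime)

    def check_and_store(self, assertion_id, expires_at, now):
        # Drop expired entries first: an ID only needs remembering while the
        # assertion it belongs to could still pass the validity-window check.
        self._seen = {k: v for k, v in self._seen.items() if v > now}
        if assertion_id in self._seen:
            return False  # already consumed -> replay
        self._seen[assertion_id] = expires_at
        return True


def validate_response(xml_text, sp_entity_id, acs_url, now, cache, skew=timedelta(0)):
    """Return 'Success' or a 'Failed: ...' string in the order an SP checks a Response."""
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status/samlp:StatusCode", NS).get("Value")
    if status != "urn:oasis:names:tc:SAML:2.0:status:Success":
        return "Failed: IdP status " + status
    assertion = root.find("saml:Assertion", NS)
    assertion_id = assertion.get("ID")
    cond = assertion.find("saml:Conditions", NS)
    not_before = _ts(cond.get("NotBefore"))
    not_on_or_after = _ts(cond.get("NotOnOrAfter"))
    if now < not_before - skew:
        return "Failed: Assertion Not Yet Valid"
    if now >= not_on_or_after + skew:
        return "Failed: Assertion Expired"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        return "Failed: Audience Mismatch"
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd.get("Recipient") != acs_url:
        return "Failed: Recipient Mismatch"
    if now >= _ts(scd.get("NotOnOrAfter")) + skew:
        return "Failed: Subject Confirmation Expired"
    # Replay check last, so a rejected assertion is not burned in the cache.
    if not cache.check_and_store(assertion_id, not_on_or_after, now):
        return "Failed: Replay Detected"
    return "Success"


def run_demo():
    """First POST succeeds, the same Response 3 s later is a replay, 10 min later it is expired."""
    cache = ReplayCache()
    now = datetime(2010, 8, 20, 4, 42, 50, tzinfo=timezone.utc)
    first = validate_response(SAMPLE_RESPONSE, SP_ENTITY_ID, ACS_URL, now, cache)
    replay = validate_response(SAMPLE_RESPONSE, SP_ENTITY_ID, ACS_URL, now + timedelta(seconds=3), cache)
    late = validate_response(SAMPLE_RESPONSE, SP_ENTITY_ID, ACS_URL, now + timedelta(minutes=10), ReplayCache())
    wrong_sp = validate_response(SAMPLE_RESPONSE, "https://other.example.com", ACS_URL, now, ReplayCache())
    return first, replay, late, wrong_sp


if __name__ == "__main__":
    print(run_demo())
```

Run as a script it prints the four outcomes in order; the second result reproduces the post's "Failed: Replay Detected" without any change to the assertion, which is why the symptom points at the browser submitting the same Response twice (here, once to the site URL and once again on the redirect) rather than at the assertion's contents.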

Hello,

 

I have a question and am a little confused after reading the documentation.

I want to use SSO for the customer portal. My users are authenticated on a custom app. From the custom app when they click on a link, I need to then forward them to the Customer Portal and do not want them to login again.

 

Questions -

1. Do I need to use federated authentication or can I use delegated authentication and what is the preferred way?

2. If, while logging in, I find that a user does not exist in Salesforce, can I then create a user by using the API and then log them in?

 

Thanks

Rohit

Hi,

 

We are planning for single sign-on between our local sites and the Salesforce Ideas portal site. We have a database for authenticating users for our local site and now we want to extend this functionality to the Ideas portal as well. The concern is that our database / authentication mechanism as of now doesn't support SAML. So is it possible to achieve single sign-on with the Ideas portal and our local sites without using SAML? I am just curious to know the feasibility - is it possible or not?

 

Thanks.

Message Edited by EIE50 on 02-16-2010 04:06 PM
  • February 16, 2010