Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

6. Enterprise Server Interoperability wi... > Implementing Single Sign-On with Sal...

Implementing Single Sign-On with Salesforce

Implementing Single Sign-On with Salesforce Salesforce is a widely used CRM platform and supports federated authentication. In this recipe, we will briefly explore the steps to enable claims-based authentication in Salesforce. Getting ready You will need access to a Salesforce account to execute the steps in this recipe. We will be using the federation server that we configured as an identity provider in the previous chapter. How to do it... To implement Single Sign-On with Salesforce, perform the following steps: Log in to your Salesforce account and click on Setup under your account settings menu, as shown in the following screenshot: In the Setup page, expand the Security Controls node under Administration Setup and click on the Single Sign-On Settings link, as shown in the following screenshot: In the Single Sign-On Settings page, click on Edit under the Federated single sign-on using SAML section, as shown in the following screenshot: In the Single Sign-On Settings page, select the SAML Enabled checkbox and enter the following details: SAML Version: Select 2.0 from the dropdown list.Issuer: Enter the Entity ID (refer to the FederationMetadata.xml file in your Active Directory instance).Identity Provider Certificate: Select the domain certificate.SAML User ID Type: Select Assertion contains the Federation ID from the User object.SAML User ID Location: Select User ID is in the NamesIdentifier element of the Subject statement, as shown in the following screenshot: Save the changes by clicking on the Save button. Review Single Sign-On Settings and click on the Download Metadata button to download the federation metadata configuration file: Register your Salesforce account as a relying party with the identity provider (AD FS 2.0 in our recipe) using the federation metadata document that you downloaded in the previous step. Create a claims transformation rule to map a LDAP UPN claim to NameID.Update the user profile in your Salesforce account to include the UPN as Federation ID, as shown in the following screenshot: Your Salesforce account is now successfully configured for Single Sign-On using AD FS 2.0. How it works... For an identity provider (for example, AD FS 2.0) initiated sign-on, you can click on a link that redirects to the https://<your domain url>/adfs/ls/idpinitiatedsignon.aspx?loginToRp=https://saml.salesforce.com URL from your intranet. This will initiate an SAML sign-on with Salesforce and, after a successful authentication, you will be signed-in. There's more... There is an assertion validator available within your Salesforce account to validate the security token. Capture the SAML Response using Fiddler and use it to validate and resolve any issues reported by Salesforce.

  

You are currently reading a PREVIEW of this book.

                                                                                                                    

Get instant access to over $1 million worth of books and videos.

  

Start a Free Trial


  
  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint