- Home
- Technical Library
- Boards
- Cookbook
- Code Share
- Blogs
- Partners
-
More
-
Services
- Training & Certification
- Support
-
Galleries
- Force.com Sites Gallery
- Chatter Challenge Entries
-
Other Web Sites
- Salesforce.com
- Database.com
- AppExchange
- CRM Community
-
Discussions
- Announcements
- General Development
- Schema Development
- New to Cloud Development
- Apex Code Development
- Visualforce Development
- Formulas & Validation Rules Discussion
- Security
- Mobile
- Force.com Sites
- Chatter Development
- Java Development
- .NET Development
- Perl, PHP, Python & Ruby Development
- Adobe Flash Builder for Force.com
- Desktop Integration
- REST API Integration
- Streaming API
- Visual Workflow
- Apple, Mac and OS X
- VB and Office Development
- Excel Connector
- AJAX Toolkit & S-controls
- Force.com Builder & Native Apps
- AppExchange Directory & Packaging
- Force.com Labs Projects
- Open Source
- Site.com
- Jobs Board - Administrators
- Jobs Board - Developers
- Force.com Discussion Boards
- :
- Developer Boards for Force.com and Database.com
- :
- Security
- :
- Re: SSO Federated Authentication Help needed
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic to the Top
- Bookmark
- Subscribe
- Printer Friendly Page
SSO Federated Authentica
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Email to a Friend
- Report Inappropriate Content
05-05-2010 08:30 PM
Hi,
We are trying to implement the SSO using the Federated authentication (SAML)
I have following implementation Questions:
1) Using the Federated Authentication.. i have enabled all that needs to be done on Salesforce security setup option for SSO settings.. Now How can i restrict the users not to login using the regular process.
2)How can have the Per user basis SSO enabled , i see from the documentation that this kind of feature can be enabled by having a profile with the "Is Single Sign-on" permission feature available in Delegated SSO.
is there any thing of that sort in Federated Authentication.?
3)All of the documentation in salesforce official documentation states of enabling SSO, related to Idp Initiated SSO. what about SP-initiated SSO.. Is there somewhere where i can get the SP-Initiated SSO documentation.. ?
If so .. (how do i have the users redirect to my login page when a user uses a bookmarked URL or where is the configuration in salesforce account where i can set up the URL for my Login page.)?
Would greatly appreciate your feed on the above Questions , as of now we are behind the scheduled delivery date with SSO setup with salesforce.. ??
Gracias,
Rao
Re: SSO Federated Authentica
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Email to a Friend
- Report Inappropriate Content
05-10-2010 01:25 PM
1) At the moment, you must either set their password to an unknown value, or setup a delegated authentication endpoint that prevents this. In a future release, you'll be able to prevent this using the new "My Domains" feature and preventing people from directly logging in. Should be Winter in plan holds.
2) Per profile controls are only for Delegated Authentication. This does not exist for Federated / SAML
3) If you read through the SAML documentation, you'll find information about special attributes to pass in your SAML assertions. If you pass an attribute called "ssoStartPage" we'll use it's value as your AssertionConsumerService URL for SP initiated, and send it SAML 2 Authn Requests. Note that you need to perform IDP initiated at least once in order to pass this parameter to us. After we've seen it once, SP initiated will just work. In a future release, you'll be able to use the "My Domains" feature in order to tie SP initiated SSO to your domain directly. Should be in Winter if plan holds.
