Setup Federated Authentication (SAML) based SSO

SAML stands for “Security Assertion Markup Language” and it is Open standard for exchanging Authentication and Authorization between Systems. SAML based authentication is supported by all editions of Salesforce.
User Validation can be initiated by any one of below two types:
  1. Service Provider Initiated SSO
  2. Identity Provider (IDp) initioated SSO
We are going to use Identity Provider Initiated SSO in this article. Means User will Login from Outside(IDp) and will be redirected to Salesforce (Service Provider). Identity Provider must follow Federated Authentication (SAML) standard which should be deployed to DMZ (URL should be publicly accessible on Internet) layer of your Organization. As a Salesforce developer you should assume that you will always get IDp URL which implements SSO and implements valid SAML response. To Quickly start with this tutorial assume that your organization already deployed SAML based Authentication endpoint and for that we will be using great Heroku app available freely as open source named “AXIOM“.
ID Initiated Single Sign On :
In IDP Initiated SSO, User Directly logins to Identity provider and IDP redirects user to proper Salesforce Instance with SAML assertion in request (Service Provider). If SAML assertion is valid then Salesforce validates that user successfully.
Step 1 : Enable My Domain

Step 2: Download Identity Provider Certificate
In this step we are going to get certificate from IDp. This certificate will be used by Salesforce to validate that client coming for user authentication is valid to avoid any unauthorized access to Service Provider (In our case it is Salesforce).
You can download certificate by navigating to Axiom application here.

Step 3: Enable Single Sign On in Salesforce
Navigate to “Setup | Security Controls | Single Sign-On Settings” and check “SAML Enabled” option.
Step 4 : Configure Single Sign On
Step 4 : Configure Single Sign On
Once SAML is enabled, new section will appear on same page to create New “SAML Single-On Settings”.
Click on New Button and provide following informations
  • NAME – any name will work
  • API Name – any valid name
  • Issuer – Any name. You must remember this as your IDp must pass the same name while sending request
  • Identity Provider Certificate – Upload certificate here downloaded on step 2.
  • Entity Id – “https://saml.salesforce.com”
  • SAML Identity Type – Assertion contains the Federation ID from the User object
  • SAML Identity Location – Identity is in the NameIdentifier element of the Subject statement
  • Identity Provider Login URL – “http://axiomsso.herokuapp.com/RequestSamlResponse.action” (This URL must be publicly accessible on Internet)
  • Service Provider Initiated Request Binding – HTTP POST
Step 5: Generate a SAML Response
Navigate to this URL and click on “generate a SAML Response” link.
Enter following detail in next screen:
  • SAML Version – 2.0
  • Username OR Federated ID – Once saml is enabled, One new field is created on user record “Federation ID”. 
  • User ID Location – Subject
  • Issuer – Issuer name which we already in Step4 while configuring SSO. In our case it is AXIOM
  • Recipient URL – This should be “Salesforce Login URL” which will be visible once we save SSO settings in Step 4. You can see it in Image 2 above.
  • Entity Id – https://saml.salesforce.com
  • SSO Start Page – http://axiomsso.herokuapp.com/RequestSamlResponse.action
  • User Type – Standard
After providing above details click on “Request SAML response” button.

In this page, you can see format of SAML response. You dont have to change anything on this screen, click on Login button.
If everything is OK, you will be on Salesforce Home page.


Comments

Post a Comment

Popular posts from this blog

Be a champ in test class. Test classes from start to end.

Image
For  development of robust, error-free code, Apex Code requires the creation and execution of unit tests. Unit tests are class methods that verify whether a particular piece of code is working properly.  Unit tests are written in Apex Code and annotated with the  annotation @testmethod.  The test methods must provide at least 75% code coverage.  Code coverage is calculated by dividing the number of unique Apex code lines executed during your test method execution by the total number of Apex code lines in all of your trigger and classes. Defining a Test Method using the  testMethod  keyword For defining  an Apex method as a 'test method',Define the method as  static  and add the keyword  testmethod.  Classes defined with the  isTest  annotation do not count against your organization limit of 2 MB for all Apex code. Classes annotated with  isTest  can be declared as private or public....
Read more

Action tags in VisualForce Salesforce

Action tags-This tags support for calling action and refresh the field only not visualforce page. apex:actionFunction -     Provides support for invoking controller action methods directly from JavaScript code using an AJAX request. An <apex:actionFunction> component must be a child of an <apex:form> component. apex:actionPoller      A timer that sends an AJAX update request to the server according to a time interval that you specify. Update request can then result in a full or partial page update. You should avoid using this component with enhanced lists. apex:actionRegion        This action tag is use AJAX request for particular field or component. Like we have change the value of pick list in visual force then request go to Server and come back through AJAX without Saving the VF page. apex:actionStatus           A c...
Read more

All about workflow rule , limitation and important points with example

Image
Workflow Rule  Workflow is a force platform business logic engine that allows us to automatically send email alerts, assign tasks, field updates based on rules that we define. – Defined trigger criteria based on your business requirements – Evaluated when record is created, when created/updated, OR when created/updated and did not previously meet trigger criteria – When trigger criteria is met workflow actions, such as email alerts, tasks, field updates, or outbound messages are generated To get started using workflow rules, click • Setup | Create| Workflow & Approvals | Workflow Rules Workflow action in Salesforce : Task Alert Email Field Update Outbound message #1 Workflow Task: Assign task to a user #2 Email Alert Used to generate email from the workflow #3 Field Update  https://help.salesforce.com/apex/HTViewHelpDoc?id=workflow_field_update_considerations.htm&language=en #4 Outbound Messages:  Sen...
Read more