堆栈内存溢出
  简体   繁体   English

使用salesforce.com进行SAML身份验证

[英]SAML authentication using salesforce.com

 原文  2011-05-09 15:47:54       java/ security/ salesforce/ saml/ opensaml

问题描述

In our web application I want Identity provider ( IdP ) which authenticate users using salesforce.com . 在我们的Web应用程序中,我想要使用salesforce.com对用户进行身份验证的身份提供程序( IdP )。

I have done with Single Sign-On Settings at salesforce.com. 我在salesforce.com上完成了单点登录设置

After these setting salesforce provide a metadata file. 在这些设置之后,salesforce提供元数据文件。

Please tell me: 请告诉我:

  • Is there any other setting I need to make at salesforce.com? 我还需要在salesforce.com上进行其他设置吗?
  • What to do next in my java code to authenticate user? 我的java代码中的下一步要对用户进行身份验证?

1 个解决方案

解决方案1
 4 已采纳  2011-05-10 01:56:57

If you have Salesforce.com acting as a SAML Service Provider, then you will need to send SAML Assertions from your IdP to Salesforce.com to authenticate users. 如果您将Salesforce.com充当SAML服务提供商,则需要从您的IdP向Salesforce.com发送SAML断言以对用户进行身份验证。 These are basically signed XML blobs that get passed around in an HTTP Redirect or HTTP POST to authenticate users. 这些基本上是签名的XML blob,它们在HTTP重定向或HTTP POST中传递以验证用户身份。

From the Salesforce.com configuration side it's quite simple. 从Salesforce.com配置方面来看,它非常简单。 Here is a sample of what is required on that side to configure with the OpenSSO solution: https://indirat.wordpress.com/salesforce/ 以下是使用OpenSSO解决方案进行配置所需的示例: https//indirat.wordpress.com/salesforce/

What you enter in that configuration, largely depends on what your IdP can do. 您在该配置中输入的内容在很大程度上取决于您的IdP可以执行的操作。 For example, what version of SAML, what & where the user identifier is in the SAML assertion, and the public verification certificate that matches the key used by your IdP to digital sign assertions. 例如,SAML的版本,SAML断言中用户标识符的位置和位置,以及与IdP用于数字签名断言的密钥匹配的公共验证证书。

How you handle this in "your java code" is a huge question with many answers. 你如何在“你的java代码”中处理这个问题是一个很大的问题,有许多答案。 You should be using a proven SAML solution as your IdP, rather than trying to implement the SAML specification yourself. 您应该使用经过验证的SAML解决方案作为您的IdP,而不是自己尝试实施SAML规范。 There are several open source libraries such as OpenSAML that work nicely in a Java context, but will require significant effort to integrate. 有几个开源库,如OpenSAML ,可以在Java上下文中很好地工作,但需要大量的工作才能集成。 Commercial solutions such as those offered by SSO & federation solution vendors (like Ping Identity ) make things considerably easier if you have a budget. 如果您有预算,商业解决方案(例如SSO和联邦解决方案供应商提供的解决方案供应商(如Ping Identity ))可以使事情变得更加容易。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何从salesforce.com调用heroku Java应用程序? - How to call heroku java app from salesforce.com? “入门”中的salesforce.com Java SOAP API示例代码超时异常 - Timeout exception with salesforce.com Java SOAP API example code from 'getting started' 使用带有Java的Rest API进行Salesforce身份验证 - Salesforce authentication using Rest API with JAVA 使用 OneLogin java SAML 身份验证传递和检索属性 - Passing and retrieving Attributes using OneLogin java SAML authentication 使用Spring Security SAML Extension更改身份验证类型 - Change type of authentication using Spring Security SAML Extension Java中使用SAML2进行SSO身份验证以及如何使用HtmlUnit执行JavaScript - SSO authentication with SAML2 in Java and How to Execute JavaScript by Using HtmlUnit 使用OpenSaml3.1.1准备SAML身份验证请求 - Prepare SAML Authentication request using OpenSaml3.1.1 SAML身份验证失败 - SAML authentication failing SAP JCo SAML 身份验证 - SAP JCo SAML authentication CAS验证SAML错误 - CAS authentication SAML error
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM