堆栈内存溢出
  简体   繁体   English

SalesForce使用openAM启动了SSO

[英]SalesForce initiated SSO using openAM

 原文  2012-01-06 11:31:22       salesforce/ single-sign-on/ openam

问题描述

We are implementing SSO for SalesForce using OpenAM. 我们正在使用OpenAM为SalesForce实现SSO。 We followed the steps @ http://blogs.oracle.com/rangal/entry/saml2_salesforce_com 我们按照步骤@ http://blogs.oracle.com/rangal/entry/saml2_salesforce_com进行操作

There are two scenarios 1. Idp (OpenAM) initiated SSO. 有两种情况1. Idp(OpenAM)发起了SSO。 2. Service provider (salesForce) initiated SSO. 2.服务提供商(salesForce)发起了SSO。

Scenario 1 works fine. 场景1工作正常。 Scenario 2 does not. 场景2没有。

I read in SSO best practices for SalesForce that scenario 2 cannot be implemented for SalesForce SSO. 我在SalesForce的SSO最佳实践中读到了SalesForce SSO无法实现的方案2。 Is this correct? 这个对吗? regards Sameer 对萨梅尔说

2 个解决方案

解决方案1
 3  2012-01-10 19:26:02

SP-initiated SAML SSO in Salesforce now uses the ' My Domain ' feature to remove the need for the persistent cookie. Salesforce中SP启动的SAML SSO现在使用“ 我的域 ”功能来消除对持久性cookie的需求。 Set up 'My Domain', then, when users go to http://your_cust_name.my.salesforce.com , Salesforce will use the hostname to figure out the correct identity provider (IdP) to which it will redirect the user. 设置“我的域”,然后,当用户访问http://your_cust_name.my.salesforce.com时 ,Salesforce将使用主机名找出将重定向用户的正确身份提供者(IdP)。

This article gives a good overview of the concept , and this one explains it specifically in the context of SSO from Microsoft Active Directory Federation Services . 本文对该概念进行了很好的概述 ,并且这一 概述 在Microsoft Active Directory联合身份验证服务的SSO上下文中进行了详细说明 Even if you're using different software at the IdP, there is much useful information there! 即使您在IdP使用不同的软件,也有很多有用的信息!

解决方案2
 1 已采纳  2012-01-06 22:23:07

SP initiated SSO is possible with SFDC and relies on a cookie (ssostartpage) pre-existing in the browser beforehand. SPDC可以通过SFDC启动SSO,并依赖预先存在于浏览器中的cookie(ssostartpage)。 Meaning the user should perform IdP init SSO the first time to set the cookie, then SP init SSO is possible from that point forward. 这意味着用户应该在第一次设置cookie时执行IdP init SSO,然后从那一点开始就可以使用SP init SSO。

See this post at SFDC security forum for more details. 有关详细信息,请参阅SFDC安全论坛上的这篇文章

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 SP使用自定义身份验证从OpenAM和SalesForce启动SSO - SP initiated SSO from OpenAM & SalesForce using Custom Authentication SalesForce和OpenAM集成问题 - SalesForce & OpenAM integration issue Windows Azure AD SAML与Salesforce的集成是否支持服务提供商发起的SSO? - Does the Windows Azure AD SAML integration with Salesforce support Service Provider-initiated SSO? Salesforce SSO SAML验证 - Salesforce SSO SAML Validation 在Salesforce中实施SSO-NetSuite - Implementing SSO in Salesforce - NetSuite Salesforce无法实现SSO - Unable to implement SSO in Salesforce 使用Salesforce的SSO使用SAML2返回AuthnFailed错误 - SSO with salesforce using SAML2 returning AuthnFailed error 使用SalesForce.com进行SSO - SSO with SalesForce.com 使用Salesforce从SSO到Dynamics Portal - SSO to Dynamics Portal with Salesforce 适用于Salesforce CanvasApp的OKTA SSO - OKTA sso for Salesforce CanvasApp
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM