SP initiated SSO from OpenAM & SalesForce using Custom Authentication

I did SP initiated SSO for SalesForce and OpenAM successfully. In the SalesForce SSO settings I used the Identity Provider Login URL: http://localhost:8080/opensso/SSOPOST/metaAlias/idp

This URL accepts the SAML request and creates a SAML assertion for SalesForce with the IDP default login authentication.

When I use my custom authentication module URL instead of the above URL, it does the following:

  1. It redirects to the IDP with custom authentication.

  2. Does the authentication and displays the IDP home page.

It won't show the SalesForce home page. I checked the debug log; it is not creating a SAML assertion for SalesForce.

Is it possible to create the SAML assertion from the IDP? Or does the custom authentication module have to take care of creating the SAML assertion?

Don't change the URL in the Salesforce SSO settings - that needs to remain http://localhost:8080/opensso/SSOPOST/metaAlias/idp in order to do SAML. Instead, in the extended metadata for the identity provider, you should set AuthUrl to your custom auth module URL, e.g. http://localhost:8080/opensso/UI/Login?module=CustomAuth

This document at Oracle describes a similar configuration: http://docs.oracle.com/cd/E19575-01/820-4729/ggxft/index.html
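The change the answer describes, applied to an exported copy of the hosted IdP's extended metadata; this is an added example, not code from the original post or from OpenAM. It assumes the OpenSSO `entityconfig` XML layout (namespace, `IDPSSOConfig`, `Attribute`/`Value`); the sample document and the helper names `set_auth_url` and `get_auth_url` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "urn:sun:fm:SAML:2.0:entityconfig"  # assumed OpenSSO extended-metadata namespace
ET.register_namespace("", NS)
CUSTOM_AUTH = "http://localhost:8080/opensso/UI/Login?module=CustomAuth"

# Constructed sample of a hosted IdP's extended metadata (not from the original post).
SAMPLE = """<EntityConfig xmlns="urn:sun:fm:SAML:2.0:entityconfig"
    entityID="http://localhost:8080/opensso" hosted="true">
  <IDPSSOConfig metaAlias="/idp">
    <Attribute name="AuthUrl"><Value/></Attribute>
    <Attribute name="assertionEffectiveTime"><Value>600</Value></Attribute>
  </IDPSSOConfig>
</EntityConfig>"""


def _auth_attr(root, meta_alias):
    """Return (IDPSSOConfig, AuthUrl Attribute or None) for the given metaAlias."""
    idp = next((c for c in root.iter(f"{{{NS}}}IDPSSOConfig")
                if c.get("metaAlias") == meta_alias), None)
    if idp is None:
        raise ValueError(f"no IDPSSOConfig with metaAlias {meta_alias!r}")
    attr = next((a for a in idp.findall(f"{{{NS}}}Attribute")
                 if a.get("name") == "AuthUrl"), None)
    return idp, attr


def set_auth_url(extended_xml, meta_alias, auth_url):
    """Return the extended metadata with AuthUrl set on the hosted IdP."""
    root = ET.fromstring(extended_xml)
    idp, attr = _auth_attr(root, meta_alias)
    if attr is None:                    # attribute absent: create it
        attr = ET.SubElement(idp, f"{{{NS}}}Attribute", {"name": "AuthUrl"})
    for old in list(attr):              # drop the empty or stale <Value>
        attr.remove(old)
    ET.SubElement(attr, f"{{{NS}}}Value").text = auth_url
    return ET.tostring(root, encoding="unicode")


def get_auth_url(extended_xml, meta_alias):
    """Read AuthUrl back; None means the IdP uses its default login page."""
    _, attr = _auth_attr(ET.fromstring(extended_xml), meta_alias)
    if attr is None:
        return None
    return attr.findtext(f"{{{NS}}}Value") or None


if __name__ == "__main__":
    print(set_auth_url(SAMPLE, "/idp", CUSTOM_AUTH))
```

The Salesforce-side login URL is untouched by this: only the IdP's own authentication step changes, so the SSOPOST endpoint still receives the SAML request and issues the assertion.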
