堆栈内存溢出
  简体   繁体   English

SAML重定向到特定的IDP(Salesforce与Arcot + PING + Siteminder)

[英]SAML Redirect to specific IDP (Salesforce vs Arcot + PING + Siteminder)

 原文  2012-04-18 22:53:38       salesforce/ saml-2.0/ siteminder/ pingfederate

问题描述

We need to support the following Authentication flows 我们需要支持以下身份验证流程

  • User 1 logs into Salesforce using Salesforce Credentials 用户1使用Salesforce凭证登录到Salesforce

  • User 2 logs into Salesforce using Arcot +Ping + Siteminder credentials 用户2使用Arcot + Ping + Siteminder凭据登录到Salesforce

  • User 2 logs into Custom App using Arcot + Ping + Siteminder credentials 用户2使用Arcot + Ping + Siteminder凭据登录自定义应用

Since all the authentication methods above are SAML, I need to find a way to address home realm discovery that is a unusual "mesh" of authentication flows. 由于上述所有身份验证方法都是SAML,因此我需要找到一种解决家庭域发现的方法,这是一种不常见的身份验证流“网”。

Question

How should I set up the IDP and RPs to handle this scenario? 我应该如何设置IDP和RP来处理这种情况?

How would home realm discovery work? 家庭领域发现将如何工作?

1 个解决方案

解决方案1
 0  2012-04-19 23:14:36

I'm going to assume that you have My Domains setup and SAML 2.0 setup in your org, and you're trying to route an unauthenticated page request to its appropriate authentication source. 我将假设您的组织中有“我的域”设置和SAML 2.0设置,并且您尝试将未经身份验证的页面请求路由到其适当的身份验证源。

Since you can't distinguish between users 1 and 2 in the original unauthenticated request, you'll need an interstitial page that asks for user input, ie "Let me login with username/password" or "I login with single sign on". 由于您无法在未经身份验证的原始请求中区分用户1和2,因此需要一个非页内页面,要求用户输入,即“让我使用用户名/密码登录”或“我通过单点登录登录”。 Point to this page in the "Identity Provider Login URL" section of your SAML settings. 在您的SAML设置的“身份提供者登录URL”部分中指向此页面。 If the user chooses username/password, redirect the user to the My Domains login page where they'll login with un/pw. 如果用户选择用户名/密码,则将用户重定向到“我的域”登录页面,他们将使用un / pw登录。 If they choose SSO, then send them to your IDP and propagate the SAML Request & RelayState to initiate the SAML protocol. 如果他们选择SSO,则将它们发送到您的IDP,并传播SAML请求和中继状态以启动SAML协议。

Similarly, unauthenticated requests to the custom app need to redirect to the IDP, so that they will initiate SAML. 同样,对自定义应用程序的未经身份验证的请求需要重定向到IDP,以便它们将启动SAML。 Is the custom app inside of salesforce (as a different tabset), or hosted outside of salesforce? 定制应用程序是在salesforce内部(作为其他选项卡集)还是在salesforce外部托管? If the custom app is separate from salesforce, you'll need to setup the identity provider so that it has 2 RPs: one for salesforce and one for this custom app. 如果自定义应用程序与Salesforce分开,则需要设置身份提供程序,使其具有2个RP:一个用于Salesforce,另一个用于此自定义应用程序。 If the custom app is in salesforce, how is the user going to express intent to access salesforce vs the custom app? 如果自定义应用程序在Salesforce中,那么用户将如何表达访问Salesforce和自定义应用程序的意图?

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用Salesforce作为SAML 2.0 IDP提供程序 - Using salesforce as saml 2.0 idp provider SAML SSO - 如何配置动态 ACS URL(SalesForce 是 IdP) - SAML SSO - How to configure a dynamic ACS URL (SalesForce is IdP) “HTTP状态401 - 身份验证失败:传入SAML消息无效”,Salesforce为IdP,用于实施SSO - “HTTP Status 401 - Authentication Failed: Incoming SAML message is invalid” with Salesforce as IdP for implementating SSO Salesforce作为Azure ACS中的IdP - SalesForce as IdP in Azure ACS Salesforce作为Okta的IDP - Salesforce as an IDP in Okta Salesforce SSO SAML验证 - Salesforce SSO SAML Validation 使用 SAML 和 Salesforce 访问 Azure - Access to Azure with SAML and Salesforce B2C 作为 SalesForce 的 IdP - B2C as IdP for SalesForce 使用Spring SAML自动重定向到IdP - Redirecting to IdP Automatically using Spring SAML 使用Salesforce作为ASP.NET的IDP? - Using Salesforce as IDP for ASP.NET?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM