Thursday, March 23, 2017

Salesforce (SFDC) as an Identity Provider (IdP)

Started to implement SSO for one of my projects without knowing anything.
Trying to note things down here to identify the bits and pieces.
Steps followed:

  1. Set up a dev account with Salesforce.
  2. Playing with Salesforce to see how SAML-based authentication works in there:
  3. Set up a custom web application (SP, service provider) to work with Salesforce (IdP):
  4. Step 4 didn't cover how I can actually redirect to a particular page after a successful login, utilising the RelayState parameter.

When sending the authentication request, pass the RelayState parameter as below:
On the AssertionConsumerServiceUrl, check that the RelayState URL parameter is passed back:
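The RelayState round trip described above, as an added Python example (not the code from the original post): the SP attaches RelayState to the HTTP-Redirect login URL, and the assertion consumer endpoint accepts the returned value only when it is a local path. The IdP and SP URLs, the AuthnRequest and the function names are constructed placeholders.

```python
import base64
import zlib
from urllib.parse import urlencode, urlsplit

# Constructed sample values (assumptions): use the IdP login URL and SP settings in use.
IDP_SSO_URL = "https://idp.example.invalid/sso/HttpRedirect"
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed1" Version="2.0" IssueInstant="2017-03-23T00:00:00Z" '
    'AssertionConsumerServiceURL="https://sp.example.invalid/acs"/>'
)
MAX_RELAY_STATE = 80  # the SAML bindings spec caps RelayState at 80 bytes


def build_login_url(relay_state):
    """SP side: HTTP-Redirect binding URL carrying SAMLRequest and RelayState."""
    if len(relay_state.encode("utf-8")) > MAX_RELAY_STATE:
        raise ValueError("RelayState must not exceed 80 bytes")
    # Redirect binding: raw DEFLATE (no zlib header), then base64, then URL-encode.
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(AUTHN_REQUEST.encode("utf-8")) + comp.flush()
    query = urlencode({
        "SAMLRequest": base64.b64encode(deflated).decode("ascii"),
        "RelayState": relay_state,
    })
    return f"{IDP_SSO_URL}?{query}"


def landing_page(relay_state, default="/"):
    """ACS side: return the local path to redirect to, or the default."""
    if not relay_state or len(relay_state.encode("utf-8")) > MAX_RELAY_STATE:
        return default
    # RelayState travels through the browser, so treat it as untrusted input:
    # allow only same-site absolute paths, never a scheme, a host or "//host".
    if not relay_state.startswith("/") or relay_state.startswith("//"):
        return default
    if any(ch in relay_state for ch in "\\\r\n\t"):
        return default
    parts = urlsplit(relay_state)
    if parts.scheme or parts.netloc:
        return default
    return relay_state


if __name__ == "__main__":
    print(build_login_url("/orders/42"))
    print(landing_page("/orders/42"))
    print(landing_page("https://other.example.invalid/"))
```

The SAML response itself still has to be signature-checked before `landing_page` is consulted; RelayState is not covered by the assertion signature.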

Issues I will be working on next are:
1. Registration - how it works from a custom website
2. How it will work for manual approval of registered users. Any API or something else?
3. How the authentication works site-wide through this custom site - do I need to ping the IdP every time?

Ultimate goal is to prepare a project template that can be reused.