As a part of the project, Single Sign-On through Federated Authentication using SAML (Security Assertion Markup Language) is being implemented. Working on the Order Capture has intrigued me to explore a little bit about implementation of Single Sign On (SSO) in Salesforce.
IDP: Identity Provider
The above 4 steps are transparent to the User. The User just clicks on the login button, the above 4 processes happens in the background, and the User logs into the application.
Salesforce supports the following:
- Identity-provider-initiated login: when Salesforce logs into a service provider at the initiation of the end-user
- User tries to access a service provider already defined in Salesforce.
- Salesforce sends a SAML response to the service provider.
- Service provider identifies the user and authenticates the certificate.
- If the user is identified, they are logged into the service provider.
- Service-provider-initiated login: when the service provider requests Salesforce to authenticate a user, at the initiation of the end-user
- The service provider sends a valid SAML request. The endpoint is automatically generated when the service provider is defined—the SP-Initiated POST Endpoint.
- Salesforce identifies the user included in the SAML request. If a certificate was included as part of the definition, Salesforce authenticates the certificate.
- If the user isn’t already logged into Salesforce, they are prompted to do so.
- Salesforce sends a SAML response to the service provider.
- The service provider authenticates the SAML response sent by Salesforce. If the user has been authenticated, they are logged into the service provider. The user is also logged into Salesforce.
To be continued.. stay tuned for the next blog.
No comments:
Post a Comment
Thank you for visiting. Your comments are highly appreciated.