I am trying to connect to Salesforce from my Java web application. I want my application to act as an IdP and Salesforce as SP. However I need help to send an assertion to Salesforce. Please help!!


1 Answer

Question 1: I want my application to act as an IdP and Salesforce as SP.

Answer:
(I) You should implement SAML IdP with your Java web application.

(II) For quick deployment of SAML IdP on your production environment, leveraging third-party SAML IdP (such as Shibboleth IdP) is highly recommended. Then you have sufficient time to develop your own SAML IdP for your Java web application.

We developed our former version of Zero-Password Authentication and Authorization System in Java and leveraged Shibboleth IdP to provide SAML SSO for enterprise applications.

We developed our current version of Zero-Password Authentication and Authorization System with scalability and high availability in Scala to provide SAML SSO natively for enterprise applications without Shibboleth IdP.

(III) The GitHub repository "How to build and run Shibboleth SAML IdP and SP using Docker container" provides instructions on building your own IdP for SAML in Java using Shibboleth SAML IdP and OpenLDAP.

  • Shibboleth SAML IdP is responsible for identity federation.

  • OpenLDAP is responsible for identity authentication.

(IV) I have validated SAML Single Sign-On (SSO) provided by Docker-running Shibboleth SAML IdP (Identity Provider) and OpenLDAP for the following enterprise applications. In other words, I leveraged Docker-running Shibboleth SAML IdP and OpenLDAP to log in to the following enterprise applications successfully.

  • Microsoft Office 365
  • Google G Suite
  • Salesforce
  • Dropbox
  • Box
  • Amazon AWS
  • OpenStack
  • Citrix NetScaler
  • VMware vCloud Director
  • Oracle NetSuite

(V) For your convenience, I have made the 8th commit to upload the Salesforce SP metadata and corresponding SAML configuration to How to build and run Shibboleth SAML IdP and SP using Docker container.
Note that I have logged in to Salesforce organization "example.com" account (https://example.my.salesforce.com) with username "winston.hong@example.com" successfully using Shibboleth IdP running with Docker Container.

By performing the following Shibboleth SAML IdP configuration procedure, you can log in to your Salesforce organization "your-company.com" account (https://your-company.my.salesforce.com) with your username (such as "winston.hong@your-company.com").

(V.a) Download the source code of building and running Shibboleth SAML IdP from GitHub repository.

$ git clone https://github.com/winstonhong/Shibboleth-SAML-IdP-and-SP

(V.b) Replace "shibboleth-idp-dockerized/ext-conf/metadata/sp-salesforce-com.metata" with your Salesforce SP metadata downloaded from your Salesforce organization account.

(V.c) Edit "shibboleth-idp-dockerized/ext-conf/conf/relying-party.xml" to replace the SAML SP entityID "https://example.my.salesforce.com" with "https://your-company.my.salesforce.com".

(V.d) Edit "LDAP-Dockerized-CentOS/users.ldif" to replace user info "winston.hong@example.com" with your user info "winston.hong@your-company.com".

(V.e) Follow the instruction provided by README (https://github.com/winstonhong/Shibboleth-SAML-IdP-and-SP/blob/master/README.md) to build and run Shibboleth IdP, OpenLDAP and Shibboleth SP.

Validate that you can log in to Shibboleth SP application through Shibboleth IdP.

(V.f) Use the public certificate template "shibboleth-idp-dockerized/ext-conf/credentials/idp-signing.crt" and the 2nd signing certificate of "shibboleth-idp-dockerized/ext-conf/metadata/idp-metadata.xml" to create the assertion signing public certificate of Shibboleth IdP. Then you need to upload the signing certificate of Shibboleth IdP to your Salesforce organization account.

(V.g) Follow the instruction Set Up Salesforce Single Sign-On for Your Internal Users to complete SAML SP configuration with your Salesforce organization account. Note that "Select Assertion contains the User's Salesforce username for SAML Identity Type".

(V.h) Now you can log in to your Salesforce organization account as SP through Shibboleth IdP.

It is easy to configure Shibboleth IdP to use the same data store/repository (such as OpenLDAP or MySQL) as your Java web application. Then your Java web application acts as a SAML IdP without any development task required.

(VI) Another StackOverflow question "Setting up a new Shibboleth IdP to work with an existing SAML SP" provides valuable information and discussions on Shibboleth SAML configuration.

Question 2: However I need help to send assertion to Salesforce.

Answer:
By following the instructions in the answer to Question 1, your Java web application can leverage the Java-based Shibboleth SAML IdP to send assertions to Salesforce.

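Steps (V.b), (V.c) and (V.f) of the answer above are three hand-edits that must agree with each other before Salesforce will accept an assertion: the SP entityID in the downloaded Salesforce metadata has to match the relying-party override in relying-party.xml, the SP must advertise an HTTP-POST AssertionConsumerService, and the certificate uploaded to Salesforce has to be the same one that the IdP publishes as a signing key in idp-metadata.xml. The script below is an added example and is not code from the winstonhong/Shibboleth-SAML-IdP-and-SP repository or from Shibboleth; it checks those three relationships with the Python standard library only. All metadata, the relying-party fragment, the certificate bodies ("MIIC..." / "MIIB..." strings) and the org name "your-company" are constructed placeholders, not real Salesforce or Shibboleth artifacts.

```python
"""Consistency checks for the Shibboleth IdP -> Salesforce SP hand-off.

Added example (not from the repository discussed above). Parses constructed
SAML 2.0 metadata and a constructed relying-party.xml fragment and reports
mismatches that would make Salesforce reject the assertion.
"""
import base64
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
BEANS = "http://www.springframework.org/schema/beans"
C_NS = "http://www.springframework.org/schema/c"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed stand-in for the Salesforce SP metadata of step (V.b).
SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://your-company.my.salesforce.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://your-company.my.salesforce.com?so=00DPLACEHOLDER"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed relying-party.xml override, the line step (V.c) edits.
RELYING_PARTY_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:c="http://www.springframework.org/schema/c">
  <bean parent="RelyingPartyByName" c:relyingPartyIds="https://your-company.my.salesforce.com"/>
</beans>
"""

# Constructed certificate bodies: placeholder base64, not real X.509 DER.
BACKCHANNEL_CERT_B64 = "MIIB" + "B" * 60
SIGNING_CERT_B64 = "MIIC" + "A" * 60

# Constructed fragment of idp-metadata.xml with two signing KeyDescriptors;
# the second one is the assertion-signing certificate named in step (V.f).
IDP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.your-company.com/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        %s
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
""" % (BACKCHANNEL_CERT_B64, SIGNING_CERT_B64)

# Constructed idp-signing.crt in PEM form, wrapping the same base64 body.
IDP_SIGNING_CRT = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % SIGNING_CERT_B64


def parse_sp_metadata(xml_text):
    """Return the SP entityID and its (Binding, Location) ACS endpoints."""
    root = ET.fromstring(xml_text)
    acs = [(e.get("Binding"), e.get("Location"))
           for e in root.iter("{%s}AssertionConsumerService" % MD)]
    return {"entityID": root.get("entityID"), "acs": acs}


def relying_party_ids(rp_xml):
    """Collect every relyingPartyIds value from RelyingPartyByName overrides."""
    ids = set()
    for bean in ET.fromstring(rp_xml).iter("{%s}bean" % BEANS):
        if bean.get("parent") == "RelyingPartyByName":
            raw = bean.get("{%s}relyingPartyIds" % C_NS, "")
            ids.update(v.strip() for v in raw.split(",") if v.strip())
    return ids


def pem_body(pem):
    """Strip PEM armour and whitespace, leaving the base64 DER body."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("not a PEM certificate")
    return "".join(m.group(1).split())


def idp_signing_certs(idp_xml):
    """Base64 bodies of every signing-capable KeyDescriptor, in document order.
    A KeyDescriptor without a use attribute may sign as well, so it is included."""
    certs = []
    for kd in ET.fromstring(idp_xml).iter("{%s}KeyDescriptor" % MD):
        if kd.get("use", "signing") != "signing":
            continue
        certs.extend("".join((c.text or "").split())
                     for c in kd.iter("{%s}X509Certificate" % DS))
    return certs


def matching_cert_index(idp_xml, signing_pem):
    """1-based position of the PEM cert among the IdP signing certs, or None."""
    certs = idp_signing_certs(idp_xml)
    body = pem_body(signing_pem)
    return certs.index(body) + 1 if body in certs else None


def check_handoff(sp_xml, rp_xml, idp_xml, signing_pem):
    """Return a list of findings; an empty list means the hand-off is consistent."""
    findings = []
    sp = parse_sp_metadata(sp_xml)
    if sp["entityID"] not in relying_party_ids(rp_xml):
        findings.append("relying-party.xml has no override for SP entityID %s" % sp["entityID"])
    post_acs = [loc for b, loc in sp["acs"] if b == HTTP_POST]
    if not post_acs:
        findings.append("SP metadata advertises no HTTP-POST AssertionConsumerService")
    for loc in post_acs:
        if not loc.startswith("https://"):  # an assertion must never be POSTed in clear
            findings.append("ACS endpoint is not HTTPS: %s" % loc)
    try:
        base64.b64decode(pem_body(signing_pem), validate=True)
    except ValueError:
        findings.append("idp-signing.crt body is not valid base64")
    if matching_cert_index(idp_xml, signing_pem) is None:
        findings.append("idp-signing.crt does not match any signing KeyDescriptor in idp-metadata.xml")
    return findings


if __name__ == "__main__":
    for f in check_handoff(SP_METADATA, RELYING_PARTY_XML, IDP_METADATA, IDP_SIGNING_CRT) or ["OK"]:
        print(f)
```

Run it against the real files by reading them in place of the constructed strings; a non-empty findings list pinpoints which of the three edits was missed. The entityID check is the one that fails when step (V.c) is skipped and relying-party.xml still names "https://example.my.salesforce.com", and the certificate check is the one that fails when the first (back-channel) certificate from idp-metadata.xml is uploaded to Salesforce instead of the second.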