File: salesforce.html

lemonldap-ng 1.9.7-3%2Bdeb9u2
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
  <meta charset="utf-8" />
  <title>documentation:1.9:applications:salesforce</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,1.9,applications,salesforce"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="salesforce.html"/>
<link rel="contents" href="salesforce.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
  <link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
//elsif:cssminified
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:1.9:applications';var JSINFO = {"id":"documentation:1.9:applications:salesforce","namespace":"documentation:1.9:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
  <script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
  <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
  <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
  <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>

<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#create_salesforce_domain">Create Salesforce domain</a></div></li>
<li class="level2"><div class="li"><a href="#saml_settings">SAML settings</a></div></li>
<li class="level2"><div class="li"><a href="#configure_federation_id">Configure Federation ID</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->

<h1 class="sectionedit1" id="salesforce">SalesForce</h1>
<div class="level1">

<p>
<a href="salesforce-logo.jpg_documentation_1.9_applications_salesforce.html" class="media" title="applications:salesforce-logo.jpg"><img src="salesforce-logo.jpeg" class="mediacenter" alt="" /></a>
</p>

</div>
<!-- EDIT1 SECTION "SalesForce" [1-68] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">

<p>
<span class="curid"><a href="salesforce.html" class="wikilink1" title="documentation:1.9:applications:salesforce">Salesforce</a></span> Inc. is a cloud computing company. It is best known for its CRM products and social networking applications.
</p>

<p>
It can use <abbr title="Security Assertion Markup Language">SAML</abbr> to authenticate users, and supports both SP-initiated and IdP-initiated modes.
</p>

<p>
This page presents the SP initiated mode.
</p>

<p>
To work with <abbr title="LemonLDAP::NG">LL::NG</abbr> it requires:
</p>
<ul>
<li class="level1"><div class="li"> <abbr title="LemonLDAP::NG">LL::NG</abbr> configured as <a href="../idpsaml.html" class="wikilink1" title="documentation:1.9:idpsaml">SAML Identity Provider</a></div>
</li>
</ul>

</div>
<!-- EDIT2 SECTION "Presentation" [69-468] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">

<p>
You should have configured <abbr title="LemonLDAP::NG">LL::NG</abbr> as a <a href="../idpsaml.html" class="wikilink1" title="documentation:1.9:idpsaml">SAML Identity Provider</a>.
</p>

</div>
<!-- EDIT3 SECTION "Configuration" [469-574] -->
<h3 class="sectionedit4" id="create_salesforce_domain">Create Salesforce domain</h3>
<div class="level3">

<p>
<a href="my_domain_salesforce-resize-web.png_documentation_1.9_applications_salesforce.html" class="media" title="applications:my_domain_salesforce-resize-web.png"><img src="my_domain_salesforce-resize-web.png" class="mediacenter" alt="" /></a>
</p>

<p>
To use SP-initiated mode, you must create your Salesforce domain. Creation can take up to 1 hour (if it takes longer than 1 hour, there is a problem; problems are generally resolved in up to 72 hours).
</p>

<p>
Then you must <strong>deploy</strong> this domain in order to go on with the configuration.
</p>

<p>
Finally, just ensure that at least:
</p>
<ul>
<li class="level1"><div class="li"> Login policy</div>
</li>
<li class="level1"><div class="li"> Redirect policy</div>
</li>
<li class="level1"><div class="li"> domain name</div>
</li>
<li class="level1"><div class="li"> authentication service</div>
</li>
</ul>

<p>
match the correct values (adapt the domain if necessary).
</p>
<div class="noteimportant">For now, the authentication service parameter has no domain available. You must come back later to fill in this parameter. Once the <abbr title="Security Assertion Markup Language">SAML</abbr> flow is working, you can set your domain and delete the login form, and you&#039;ll have an automatic redirection to your Identity Provider (no need for the user to click). Note that you can always access Salesforce through the general login page: <a href="https://login.salesforce.com" class="urlextern" title="https://login.salesforce.com"  rel="nofollow">https://login.salesforce.com</a>
</div>
</div>
<!-- EDIT4 SECTION "Create Salesforce domain" [575-1566] -->
<h3 class="sectionedit5" id="saml_settings">SAML settings</h3>
<div class="level3">

<p>
Salesforce is not able to read metadata, so you must enter the information in a form.
</p>

<p>
<a href="saml_sso_settings-resize-web.png_documentation_1.9_applications_salesforce.html" class="media" title="applications:saml_sso_settings-resize-web.png"><img src="saml_sso_settings-resize-web.png" class="mediacenter" alt="" /></a>
</p>

<p>
Go to the <abbr title="Security Assertion Markup Language">SAML</abbr> Single Sign On settings, and fill in the following information:
</p>
<ul>
<li class="level1"><div class="li"> Name: should be filled automatically with your organization or domain</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> Version: check that version 2.0 is used</div>
</li>
<li class="level1"><div class="li"> Issuer: this is the LemonLDAP::NG (our IdP) Entity Id, which is by default #PORTAL#/saml/metadata</div>
</li>
<li class="level1"><div class="li"> Identity Provider Certificate: although the form describes this as the authentication certificate, you must give your LemonLDAP::NG (IdP) signing certificate. If you don&#039;t have one, create it from the signing key pair already generated (you could do this with openssl). SSL authentication (https) does not seem to be checked anyway.</div>
</li>
<li class="level1"><div class="li"> Signing Certificate: choose a certificate for SP signature. (create one if none is present)</div>
</li>
<li class="level1"><div class="li"> Assertion decryption Certificate: choose a certificate only if you want to encrypt your assertion (the default is not to encrypt)</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Type: choose Federation ID. This means that the user Name ID will be mapped to the Federation ID field. (see next section)</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Location: choose if the user Name ID is held in the subject or in some attribute</div>
</li>
<li class="level1"><div class="li"> Identity Provider Login <abbr title="Uniform Resource Locator">URL</abbr>: the user/password <abbr title="Security Assertion Markup Language">SAML</abbr> portal location on the IdP</div>
</li>
<li class="level1"><div class="li"> Identity Provider Logout <abbr title="Uniform Resource Locator">URL</abbr>: the logout location on the IdP</div>
</li>
<li class="level1"><div class="li"> Custom Error <abbr title="Uniform Resource Locator">URL</abbr>: you can redirect the user to a special page when an error occurs</div>
</li>
<li class="level1"><div class="li"> SP Initiated Binding: choose any of the supported bindings (every one listed there is currently supported by LemonLDAP::NG). HTTP POST is a good choice</div>
</li>
<li class="level1"><div class="li"> Salesforce Login <abbr title="Uniform Resource Locator">URL</abbr>: generated automatically. This is the entry point of our login flow.</div>
</li>
<li class="level1"><div class="li"> OAuth 2.0 Token Endpoint: not used here</div>
</li>
<li class="level1"><div class="li"> <abbr title="Application Programming Interface">API</abbr> Name: filled automatically</div>
</li>
<li class="level1"><div class="li"> User Provisioning Enabled: should automatically create the user in Salesforce (not functional right now)</div>
</li>
<li class="level1"><div class="li"> EntityId: Salesforce (the SP) Entity ID. Fill in this field accordingly. It should be the same value as the organization domain URL, displayed in the previous section</div>
</li>
</ul>
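
<p>
Added example, not part of the original LemonLDAP::NG documentation: one way to build the Identity Provider Certificate from the signing key pair already generated, and to confirm that the certificate really carries that key before uploading it. It assumes the IdP signing private key has been saved as a PEM file; the file names, the subject <code>/CN=auth.example.com</code> and the validity period are hypothetical.
</p>

```bash
#!/usr/bin/env bash
# Added example (not from the LemonLDAP::NG docs). File names, the subject
# and the validity period are assumptions.
set -eu

# make_idp_cert KEY CERT SUBJECT [DAYS]
# Wrap the public half of an existing private key in a self-signed X.509
# certificate. The key is only read, never regenerated.
make_idp_cert() {
    openssl req -new -x509 -sha256 -key "$1" -out "$2" -subj "$3" -days "${4:-365}"
}

# SHA-256 over the DER-encoded public key, taken from a private key file...
pubkey_digest_of_key() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# ...and from a certificate, so the two can be compared.
pubkey_digest_of_cert() {
    openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# cert_matches_key CERT KEY: succeeds only if CERT carries KEY's public half.
cert_matches_key() {
    [ "$(pubkey_digest_of_cert "$1")" = "$(pubkey_digest_of_key "$2")" ]
}

# cert_fingerprint CERT: SHA-256 fingerprint of the certificate to upload.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Demo on constructed data: a throwaway key stands in for the real signing key.
demo() {
    dir=$(mktemp -d)
    openssl genrsa -out "$dir/idp-sign.key" 2048 2>/dev/null
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null
    make_idp_cert "$dir/idp-sign.key" "$dir/idp-sign.crt" "/CN=auth.example.com"
    cert_matches_key "$dir/idp-sign.crt" "$dir/idp-sign.key" && echo "OK: certificate wraps the signing key"
    cert_matches_key "$dir/idp-sign.crt" "$dir/other.key" || echo "OK: unrelated key is rejected"
    echo "SHA-256 fingerprint: $(cert_fingerprint "$dir/idp-sign.crt")"
    rm -rf "$dir"
}
demo
```

<p>
If the certificate given to Salesforce does not match the key LemonLDAP::NG signs with, signature validation of the assertion fails, so run the match check against the real key before filling in the form.
</p>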

</div>
<!-- EDIT5 SECTION "SAML settings" [1567-3679] -->
<h3 class="sectionedit6" id="configure_federation_id">Configure Federation ID</h3>
<div class="level3">

<p>
Finally, configure the Federation ID value for each user. It is the link between the <abbr title="Security Assertion Markup Language">SAML</abbr> assertion coming from LemonLDAP::NG (the IdP) and a given user in Salesforce. Here, the mail has been chosen as the user Name ID.
</p>

<p>
<a href="user_federation_id-resize-web.png_documentation_1.9_applications_salesforce.html" class="media" title="applications:user_federation_id-resize-web.png"><img src="user_federation_id-resize-web.png" class="mediacenter" alt="" /></a>
</p>

<p>
Once this is completed, click to export the Salesforce metadata and import it into LemonLDAP::NG, in the declaration of the Salesforce Service Provider.
</p>

<p>
See the <a href="../idpsaml.html" class="wikilink1" title="documentation:1.9:idpsaml">Register partner Service Provider on LemonLDAP::NG</a> configuration chapter.
</p>

</div>
<!-- EDIT6 SECTION "Configure Federation ID" [3680-] --></div>
</body>
</html>