It allows one to use <abbr title="Security Assertion Markup Language">SAML</abbr> to authenticate users. It can deal with both SP-initiated and IdP-initiated modes.
You should have configured <abbr title="LemonLDAP::NG">LL::NG</abbr> as a <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML Identity Provider</a>.
For SP-initiated mode, you must create your Salesforce domain. Creation can take up to 1 hour (if it takes longer, something is wrong; such problems are generally resolved within 72 hours).
</p>
<p>
Then you must <strong>deploy</strong> this domain in order to go on with the configuration.
match the correct values (adapt the domain if necessary).
</p>
<div class="noteimportant">For now, the authentication service parameter has no domain available. You must come back later to fill in this parameter. Once the <abbr title="Security Assertion Markup Language">SAML</abbr> flow is working, you can set your domain there and delete the login form; users are then redirected automatically to your Identity Provider (no need for the user to click). Note that you can always access Salesforce through the general login page: <a href="https://login.salesforce.com" class="urlextern" title="https://login.salesforce.com" rel="nofollow">https://login.salesforce.com</a>
<li class="level1"><div class="li"> Identity Provider Certificate: although the field is described as the authentication certificate, you must supply the LemonLDAP::NG (IdP) signing certificate. If you don't have one, create it from the signing key pair already generated (you can do this with openssl). SSL authentication (https) does not seem to be checked anyway.</div>
</li>
<li class="level1"><div class="li"> Signing Certificate: choose a certificate for the SP signature (create one if none is present).</div>
</li>
<li class="level1"><div class="li"> Assertion Decryption Certificate: choose a certificate only if you want the assertion encrypted (the default is not to encrypt).</div>
</li>
<li class="level1"><div class="li"><abbr title="Security Assertion Markup Language">SAML</abbr> Identity Type: choose Federation ID. This means that the user Name ID will be mapped to the Federation ID field (see next section).</div>
</li>
<li class="level1"><div class="li"><abbr title="Security Assertion Markup Language">SAML</abbr> Identity Location: choose whether the user Name ID is carried in the subject or in an attribute.</div>
</li>
<li class="level1"><div class="li"> Identity Provider Login <abbr title="Uniform Resource Locator">URL</abbr>: the user/password <abbr title="Security Assertion Markup Language">SAML</abbr> portal location on the IdP.</div>
</li>
<li class="level1"><div class="li"> Identity Provider Logout <abbr title="Uniform Resource Locator">URL</abbr>: the logout location on the IdP.</div>
</li>
<li class="level1"><div class="li"> Custom Error <abbr title="Uniform Resource Locator">URL</abbr>: you can redirect the user to a dedicated page when an error occurs.</div>
</li>
<li class="level1"><div class="li"> SP Initiated Binding: choose any of the supported bindings (every one listed there is currently supported by LemonLDAP::NG); HTTP POST is a good choice.</div>
</li>
<li class="level1"><div class="li"> Salesforce Login <abbr title="Uniform Resource Locator">URL</abbr>: generated automatically. This is the entry point of the login flow.</div>
</li>
<li class="level1"><div class="li"> OAuth 2.0 Token Endpoint: not used here.</div>
</li>
<li class="level1"><div class="li"> User Provisioning Enabled: should create the user automatically in Salesforce (not functional right now).</div>
</li>
<li class="level1"><div class="li"> EntityId: Salesforce (the SP) Entity ID. Fill in this field accordingly. It should be the same value as the organization domain URL displayed in the previous section.</div>
</li>
Finally, configure the Federation ID value for each user. It is the link between the <abbr title="Security Assertion Markup Language">SAML</abbr> assertion coming from LemonLDAP::NG (the IdP) and a given user in Salesforce. Here, the mail address has been chosen as the user Name ID.
Once this is completed, click to export the Salesforce metadata and import it into LemonLDAP::NG, in the declaration of the Salesforce Service Provider.
</p>
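<p>
Before importing the exported Salesforce metadata into LL::NG, it is worth checking the settings above in the XML itself rather than trusting the export. The following Python script is an added example for this page (it is not LemonLDAP::NG or Salesforce code). It parses a constructed, Salesforce-shaped SP metadata sample (the domain, the ACS query string and the certificate bytes are invented) and verifies that the entityID equals the organization domain URL, that there is an HTTPS HTTP-POST AssertionConsumerService on the same host, and that a signing certificate is present and base64/DER-shaped; it also reports the NameID formats and the request/assertion signing flags. The "same host" and "HTTPS only" checks are policy choices assumed here, not requirements stated by Salesforce or LL::NG.
</p>

```python
"""Sanity-check SAML SP metadata before importing it into LL::NG.

Added example for this page; it is not LemonLDAP::NG or Salesforce code.
The sample metadata below is constructed: the domain, the ACS query string
and the certificate bytes are invented and only shaped like a Salesforce export.
"""
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed stand-in for a DER certificate: an ASN.1 SEQUENCE header plus padding.
FAKE_CERT_DER = b"\x30\x82\x01\x00" + b"\x00" * 256
FAKE_CERT_B64 = base64.b64encode(FAKE_CERT_DER).decode()

# Constructed sample (invented domain and query string).
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://example.my.salesforce.com">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="{POST_BINDING}"
        Location="https://example.my.salesforce.com/?so=CONSTRUCTED" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def _looks_like_der(b64_text):
    """Base64-decode the certificate and check it starts with an ASN.1 SEQUENCE tag."""
    try:
        raw = base64.b64decode("".join(b64_text.split()), validate=True)
    except (ValueError, TypeError):
        return False
    return len(raw) > 2 and raw[0] == 0x30


def check_sp_metadata(xml_text, expected_entity_id):
    """Return findings for the SP metadata; 'problems' is empty when it is usable.

    Policy assumed by this example (not a Salesforce or LL::NG requirement):
    entityID equals the organization domain URL, every AssertionConsumerService
    is HTTPS on the same host as the entityID and at least one of them uses
    HTTP-POST, and at least one signing certificate decodes to DER.
    """
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID")
    problems = []
    if entity_id != expected_entity_id:
        problems.append(f"entityID {entity_id!r} != expected {expected_entity_id!r}")

    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return {"entity_id": entity_id, "problems": problems + ["no SPSSODescriptor"]}

    acs = [(e.get("Binding"), e.get("Location", ""))
           for e in sp.findall("md:AssertionConsumerService", NS)]
    if not any(b == POST_BINDING for b, _ in acs):
        problems.append("no HTTP-POST AssertionConsumerService")
    expected_host = urlparse(expected_entity_id).netloc
    for _, location in acs:
        parsed = urlparse(location)
        if parsed.scheme != "https":
            problems.append(f"ACS {location!r} is not https")
        if parsed.netloc != expected_host:
            problems.append(f"ACS {location!r} is not on {expected_host}")

    # KeyDescriptor without a 'use' attribute is valid for both signing and encryption.
    certs = [k.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", default="", namespaces=NS)
             for k in sp.findall("md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing")]
    good_certs = [c for c in certs if _looks_like_der(c)]
    if not good_certs:
        problems.append("no usable signing certificate")

    return {
        "entity_id": entity_id,
        "acs": acs,
        "signing_certs": len(good_certs),
        "authn_requests_signed": sp.get("AuthnRequestsSigned") == "true",
        "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
        "nameid_formats": [n.text for n in sp.findall("md:NameIDFormat", NS)],
        "problems": problems,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(check_sp_metadata(SAMPLE_METADATA, "https://example.my.salesforce.com"), indent=2))
```

<p>
The DER check only confirms that the certificate field decodes to something certificate-shaped; compare its fingerprint against the certificate you selected in the Salesforce "Signing Certificate" field before enabling signed AuthnRequests in LL::NG. Likewise, the reported NameID format should be compatible with the Federation ID mapping chosen above (here the mail address).
</p>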
<p>
See the <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">Register partner Service Provider on LemonLDAP::NG</a> configuration chapter.