<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:applications:salesforce</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,salesforce"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="salesforce.html"/>
<link rel="contents" href="salesforce.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:salesforce","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>

<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#create_salesforce_domain">Create Salesforce domain</a></div></li>
<li class="level2"><div class="li"><a href="#saml_settings">SAML settings</a></div></li>
<li class="level2"><div class="li"><a href="#configure_federation_id">Configure Federation ID</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->

<h1 class="sectionedit1" id="salesforce">SalesForce</h1>
<div class="level1">

<p>
<a href="salesforce-logo.jpg_documentation_2.0_applications_salesforce.html" class="media" title="applications:salesforce-logo.jpg"><img src="salesforce-logo.jpeg" class="mediacenter" alt="" /></a>
</p>

</div>
<!-- EDIT1 SECTION "SalesForce" [1-68] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">

<p>
<span class="curid"><a href="salesforce.html" class="wikilink1" title="documentation:2.0:applications:salesforce">Salesforce</a></span> Inc. is a cloud computing company, best known for its CRM products and social networking applications.
</p>

<p>
It can authenticate users with <abbr title="Security Assertion Markup Language">SAML</abbr>, in both SP-initiated and IdP-initiated modes.
</p>

<p>
This page presents the SP-initiated mode.
</p>

<p>
To work with <abbr title="LemonLDAP::NG">LL::NG</abbr>, it requires:
</p>
<ul>
<li class="level1"><div class="li"> <abbr title="LemonLDAP::NG">LL::NG</abbr> configured as a <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML Identity Provider</a></div>
</li>
</ul>

</div>
<!-- EDIT2 SECTION "Presentation" [69-472] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">

<p>
You should have configured <abbr title="LemonLDAP::NG">LL::NG</abbr> as a <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML Identity Provider</a>.
</p>

</div>
<!-- EDIT3 SECTION "Configuration" [473-578] -->
<h3 class="sectionedit4" id="create_salesforce_domain">Create Salesforce domain</h3>
<div class="level3">

<p>
<a href="my_domain_salesforce-resize-web.png_documentation_2.0_applications_salesforce.html" class="media" title="applications:my_domain_salesforce-resize-web.png"><img src="my_domain_salesforce-resize-web.png" class="mediacenter" alt="" /></a>
</p>

<p>
To use the SP-initiated mode, you must create your Salesforce domain. Creation can take up to 1 hour; if it takes longer than 1 hour, there is a problem, and such problems are generally resolved within 72 hours.
</p>

<p>
Then you must <strong>deploy</strong> this domain in order to go on with the configuration.
</p>

<p>
Finally, ensure that at least:
</p>
<ul>
<li class="level1"><div class="li"> Login policy</div>
</li>
<li class="level1"><div class="li"> Redirect policy</div>
</li>
<li class="level1"><div class="li"> domain name</div>
</li>
<li class="level1"><div class="li"> authentication service</div>
</li>
</ul>

<p>
are set to the correct values (adapt the domain if necessary).
</p>
<div class="noteimportant">For now, the authentication service parameter has no domain available; you must come back later to fill in this parameter. Once the <abbr title="Security Assertion Markup Language">SAML</abbr> flow is working, you can set your domain there and delete the login form, and users will then be redirected automatically to your Identity Provider (no need for the user to click). Note that you can always access Salesforce through the general login page: <a href="https://login.salesforce.com" class="urlextern" title="https://login.salesforce.com" rel="nofollow">https://login.salesforce.com</a>
</div>
</div>
<!-- EDIT4 SECTION "Create Salesforce domain" [579-1570] -->
<h3 class="sectionedit5" id="saml_settings">SAML settings</h3>
<div class="level3">

<p>
Salesforce cannot import IdP metadata, so you must enter the information into a form.
</p>

<p>
<a href="saml_sso_settings-resize-web.png_documentation_2.0_applications_salesforce.html" class="media" title="applications:saml_sso_settings-resize-web.png"><img src="saml_sso_settings-resize-web.png" class="mediacenter" alt="" /></a>
</p>

<p>
Go to the <abbr title="Security Assertion Markup Language">SAML</abbr> Single Sign-On settings and fill in the following fields:
</p>
<ul>
<li class="level1"><div class="li"> Name: should be filled in automatically with your organization or domain</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> Version: check that version 2.0 is used</div>
</li>
<li class="level1"><div class="li"> Issuer: this is the LemonLDAP::NG (our IdP) Entity ID, which is by default #PORTAL#/saml/metadata</div>
</li>
<li class="level1"><div class="li"> Identity Provider Certificate: although the form calls this the authentication certificate, you must supply your LemonLDAP::NG (IdP) signing certificate. If you do not have one, create it from the signing key pair already generated (you can do this with openssl). SSL authentication (https) does not seem to be checked anyway.</div>
</li>
<li class="level1"><div class="li"> Signing Certificate: choose a certificate for the SP signature (create one if none is present)</div>
</li>
<li class="level1"><div class="li"> Assertion Decryption Certificate: choose a certificate only if you want to encrypt your assertions (by default they are not encrypted)</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Type: choose Federation ID. This means that the user Name ID will be mapped to the Federation ID field (see next section).</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Location: choose whether the user Name ID is held in the subject or in an attribute</div>
</li>
<li class="level1"><div class="li"> Identity Provider Login <abbr title="Uniform Resource Locator">URL</abbr>: the user/password <abbr title="Security Assertion Markup Language">SAML</abbr> portal location on the IdP</div>
</li>
<li class="level1"><div class="li"> Identity Provider Logout <abbr title="Uniform Resource Locator">URL</abbr>: the logout location on the IdP</div>
</li>
<li class="level1"><div class="li"> Custom Error <abbr title="Uniform Resource Locator">URL</abbr>: you can redirect the user to a dedicated page when an error occurs</div>
</li>
<li class="level1"><div class="li"> SP Initiated Binding: choose any of the supported bindings (every one listed there is currently supported by LemonLDAP::NG); HTTP POST is a good choice</div>
</li>
<li class="level1"><div class="li"> Salesforce Login <abbr title="Uniform Resource Locator">URL</abbr>: generated automatically. This is the entry point of the login flow.</div>
</li>
<li class="level1"><div class="li"> OAuth 2.0 Token Endpoint: not used here</div>
</li>
<li class="level1"><div class="li"> <abbr title="Application Programming Interface">API</abbr> Name: filled in automatically</div>
</li>
<li class="level1"><div class="li"> User Provisioning Enabled: should create the user automatically in Salesforce (not functional right now)</div>
</li>
<li class="level1"><div class="li"> EntityId: the Salesforce (SP) Entity ID. Fill in this field accordingly; it should be the same value as the organization domain <abbr title="Uniform Resource Locator">URL</abbr> displayed in the previous section.</div>
</li>
</ul>
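<p>
Since the form above has to be filled in by hand, the following Python script, an added example that is not code from this page nor from LemonLDAP::NG or Salesforce, reads the values it asks for (Issuer, Identity Provider Certificate, Login and Logout <abbr title="Uniform Resource Locator">URL</abbr>s) out of the IdP's SAML 2.0 metadata. It picks the signing certificate rather than the encryption one, as the Identity Provider Certificate field requires, and the SingleSignOnService endpoint matching the binding chosen under SP Initiated Binding. The metadata document, portal <abbr title="Uniform Resource Locator">URL</abbr>s and certificate strings it contains are constructed placeholders, not real LL::NG output.
</p>

```python
"""Pull the values Salesforce's SAML Single Sign-On form asks for out of SAML 2.0 IdP metadata.

Added example, not LemonLDAP::NG or Salesforce code. The portal URL, endpoint paths and
certificate strings below are constructed placeholders; real LL::NG metadata is served at
the IdP Entity ID (#PORTAL#/saml/metadata by default).
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Binding names as offered by the Salesforce "SP Initiated Binding" choice -> SAML binding URIs
BINDINGS = {
    "HTTP POST": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "HTTP Redirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
}

# Constructed sample metadata in the shape of a SAML 2.0 IdP descriptor (not real LL::NG output).
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://auth.example.com/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        ENCRYPTION-CERT-PLACEHOLDER
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        SIGNING-CERT-PLACEHOLDER
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://auth.example.com/saml/singleLogout"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://auth.example.com/saml/singleSignOn"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://auth.example.com/saml/singleSignOnPOST"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def signing_certificate(idp):
    """Return the base64 body of the IdP *signing* certificate.

    The Salesforce 'Identity Provider Certificate' field must hold the signing certificate,
    not the encryption one. A KeyDescriptor with no 'use' attribute is valid for both.
    """
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):
            cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if cert is not None and cert.text and cert.text.strip():
                return "".join(cert.text.split())  # drop the line wrapping of the base64 blob
    raise ValueError("metadata carries no signing certificate")


def salesforce_form_values(metadata_xml, sp_binding="HTTP POST"):
    """Map IdP metadata onto the fields of the Salesforce SAML SSO settings form."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata does not describe a SAML 2.0 Identity Provider")
    binding_uri = BINDINGS[sp_binding]
    # The login URL must be the endpoint for the binding chosen under 'SP Initiated Binding'.
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == binding_uri]
    if not sso:
        raise ValueError(f"IdP offers no SingleSignOnService for binding {sp_binding}")
    slo = [s.get("Location") for s in idp.findall("md:SingleLogoutService", NS)]
    return {
        "Issuer": root.get("entityID"),
        "Identity Provider Certificate": signing_certificate(idp),
        "Identity Provider Login URL": sso[0],
        "Identity Provider Logout URL": slo[0] if slo else None,
        "SP Initiated Binding": sp_binding,
    }


if __name__ == "__main__":
    for field, value in salesforce_form_values(SAMPLE_METADATA).items():
        print(f"{field}: {value}")
```

<p>
Run it against the metadata document served at your IdP's Issuer <abbr title="Uniform Resource Locator">URL</abbr>. It refuses metadata without a signing certificate or without an endpoint for the chosen binding, the two cases where copying values by hand would otherwise produce a configuration that silently fails at the first login.
</p>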

</div>
<!-- EDIT5 SECTION "SAML settings" [1571-3682] -->
<h3 class="sectionedit6" id="configure_federation_id">Configure Federation ID</h3>
<div class="level3">

<p>
Finally, configure the Federation ID value for each user. It is the link between the <abbr title="Security Assertion Markup Language">SAML</abbr> assertion coming from LemonLDAP::NG (the IdP) and a given user in Salesforce. Here, the mail address has been chosen as the user Name ID.
</p>
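<p>
The lookup this setting implies, as an added example that is not Salesforce or LemonLDAP::NG code: the Python below takes a constructed <abbr title="Security Assertion Markup Language">SAML</abbr> assertion, accepts it only if its Issuer is the configured IdP Entity ID, its Audience is the Salesforce Entity ID and it lies within its validity window, reads the Name ID from the Subject or from an attribute (the <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Location choice), and resolves it against a constructed user table keyed by Federation ID. The entity IDs, users and assertion are assumptions; signature validation, which Salesforce performs with the Identity Provider Certificate, is deliberately left out.
</p>

```python
"""Resolve a SAML assertion's Name ID to a Salesforce user through the Federation ID.

Added example, not Salesforce or LemonLDAP::NG code: it models the lookup Salesforce performs
once 'SAML Identity Type' is set to Federation ID. Entity IDs, users and the assertion are
constructed; the XML signature, which Salesforce checks with the IdP certificate before any
of this, is omitted.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

IDP_ENTITY_ID = "https://auth.example.com/saml/metadata"  # 'Issuer' entered in the Salesforce form
SP_ENTITY_ID = "https://example.my.salesforce.com"        # Salesforce 'EntityId' (organization domain)

# Constructed Salesforce user table: Federation ID (here the mail address) -> username.
USERS_BY_FEDERATION_ID = {
    "alice@example.com": "alice.martin",
    "bob@example.com": "bob.smith",
}

# Constructed assertion carrying the mail both as Subject NameID and as an attribute, so that
# either 'SAML Identity Location' choice can be exercised.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-id-1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://auth.example.com/saml/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:55:00Z" NotOnOrAfter="2099-01-01T00:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://example.my.salesforce.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def _parse_saml_time(value):
    """SAML timestamps are UTC with a trailing Z; fromisoformat needs an explicit offset."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def name_id_from(assertion, location="subject", attribute_name=None):
    """Extract the Name ID from the Subject or from a named attribute ('SAML Identity Location')."""
    if location == "subject":
        node = assertion.find("saml:Subject/saml:NameID", NS)
    else:
        node = None
        for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
            if attr.get("Name") == attribute_name:
                node = attr.find("saml:AttributeValue", NS)
                break
    return node.text.strip() if node is not None and node.text else None


def resolve_user(assertion_xml, location="subject", attribute_name=None, now=None):
    """Return the Salesforce username for an assertion, or None when it must be rejected."""
    assertion = ET.fromstring(assertion_xml)
    now = now or datetime.now(timezone.utc)
    # Only assertions from the configured IdP, addressed to this SP and still valid are accepted.
    if assertion.findtext("saml:Issuer", default="", namespaces=NS).strip() != IDP_ENTITY_ID:
        return None
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        return None
    audiences = [a.text.strip() for a in
                 conditions.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if SP_ENTITY_ID not in audiences:
        return None
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before and now < _parse_saml_time(not_before):
        return None
    if not_on_or_after and now >= _parse_saml_time(not_on_or_after):
        return None
    name_id = name_id_from(assertion, location, attribute_name)
    if not name_id:
        return None
    # An unknown Federation ID means no Salesforce user: no login and no implicit account creation.
    return USERS_BY_FEDERATION_ID.get(name_id)


if __name__ == "__main__":
    print(resolve_user(SAMPLE_ASSERTION))                                   # alice.martin
    print(resolve_user(SAMPLE_ASSERTION, "attribute", "mail"))              # alice.martin
    print(resolve_user(SAMPLE_ASSERTION.replace("alice@", "carol@")))       # None
```

<p>
The two paths through <code>name_id_from</code> correspond to the two values of the <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Location setting; whichever is chosen, a Name ID that matches no user's Federation ID yields no session, which is why every Salesforce user needs that field set before testing the login flow.
</p>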

<p>
<a href="user_federation_id-resize-web.png_documentation_2.0_applications_salesforce.html" class="media" title="applications:user_federation_id-resize-web.png"><img src="user_federation_id-resize-web.png" class="mediacenter" alt="" /></a>
</p>

<p>
Once this is completed, click to export the Salesforce metadata and import it into LemonLDAP::NG, in the declaration of the Salesforce Service Provider.
</p>

<p>
See the <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">Register partner Service Provider on LemonLDAP::NG</a> configuration chapter.
</p>

</div>
<!-- EDIT6 SECTION "Configure Federation ID" [3683-] --></div>
</body>
</html>