<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
  <meta charset="utf-8" />
  <title>documentation:2.0:applications:salesforce</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,applications,salesforce"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="salesforce.html"/>
<link rel="contents" href="salesforce.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
  <link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
//elsif:cssminified
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0:applications';var JSINFO = {"id":"documentation:2.0:applications:salesforce","namespace":"documentation:2.0:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
  <script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
  <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
  <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
  <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>

<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#create_salesforce_domain">Create Salesforce domain</a></div></li>
<li class="level2"><div class="li"><a href="#saml_settings">SAML settings</a></div></li>
<li class="level2"><div class="li"><a href="#configure_federation_id">Configure Federation ID</a></div></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->

<h1 class="sectionedit1" id="salesforce">SalesForce</h1>
<div class="level1">

<p>
<a href="salesforce-logo.jpg_documentation_2.0_applications_salesforce.html" class="media" title="applications:salesforce-logo.jpg"><img src="salesforce-logo.jpeg" class="mediacenter" alt="" /></a>
</p>

</div>
<!-- EDIT1 SECTION "SalesForce" [1-68] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">

<p>
<span class="curid"><a href="salesforce.html" class="wikilink1" title="documentation:2.0:applications:salesforce">Salesforce</a></span> Inc. is a cloud computing company. It is best known for its CRM products and social networking applications.
</p>

<p>
It allows one to use <abbr title="Security Assertion Markup Language">SAML</abbr> to authenticate users. It can deal with both SP and IdP initiated modes.
</p>

<p>
This page presents the SP initiated mode.
</p>

<p>
To work with <abbr title="LemonLDAP::NG">LL::NG</abbr> it requires:
</p>
<ul>
<li class="level1"><div class="li"> <abbr title="LemonLDAP::NG">LL::NG</abbr> configured as <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML Identity Provider</a></div>
</li>
</ul>

</div>
<!-- EDIT2 SECTION "Presentation" [69-472] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">

<p>
You should have configured <abbr title="LemonLDAP::NG">LL::NG</abbr> as a <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">SAML Identity Provider</a>.
</p>

</div>
<!-- EDIT3 SECTION "Configuration" [473-578] -->
<h3 class="sectionedit4" id="create_salesforce_domain">Create Salesforce domain</h3>
<div class="level3">

<p>
<a href="my_domain_salesforce-resize-web.png_documentation_2.0_applications_salesforce.html" class="media" title="applications:my_domain_salesforce-resize-web.png"><img src="my_domain_salesforce-resize-web.png" class="mediacenter" alt="" /></a>
</p>

<p>
To use SP-initiated mode, you must create your Salesforce domain. Creation can take up to 1 hour. (If it takes longer than 1 hour, there is a problem. Problems are generally resolved within 72 hours.)
</p>

<p>
Then you must <strong>deploy</strong> this domain in order to go on with the configuration.
</p>

<p>
Finally, just ensure that at least:
</p>
<ul>
<li class="level1"><div class="li"> Login policy</div>
</li>
<li class="level1"><div class="li"> Redirect policy</div>
</li>
<li class="level1"><div class="li"> domain name</div>
</li>
<li class="level1"><div class="li"> authentication service</div>
</li>
</ul>

<p>
match the correct values (adapt the domain if necessary).
</p>
<div class="noteimportant">For now, the authentication service parameter has no domain available. You must come back later to fill in this parameter. Once the <abbr title="Security Assertion Markup Language">SAML</abbr> flow is working, you can set your domain and delete the login form, and you&#039;ll have an automatic redirection to your Identity Provider (no need for the user to click). Note that you can always access Salesforce through the general login page: <a href="https://login.salesforce.com" class="urlextern" title="https://login.salesforce.com"  rel="nofollow">https://login.salesforce.com</a>
</div>
</div>
<!-- EDIT4 SECTION "Create Salesforce domain" [579-1570] -->
<h3 class="sectionedit5" id="saml_settings">SAML settings</h3>
<div class="level3">

<p>
Salesforce is not able to read metadata, so you must enter the information in a form.
</p>

<p>
<a href="saml_sso_settings-resize-web.png_documentation_2.0_applications_salesforce.html" class="media" title="applications:saml_sso_settings-resize-web.png"><img src="saml_sso_settings-resize-web.png" class="mediacenter" alt="" /></a>
</p>

<p>
Go to the <abbr title="Security Assertion Markup Language">SAML</abbr> Single Sign On settings, and fill in the following information:
</p>
<ul>
<li class="level1"><div class="li"> Name: should be filled automatically with your organization or domain</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> Version: check that version 2.0 is used</div>
</li>
<li class="level1"><div class="li"> Issuer: this is the LemonLDAP::NG (our IdP) Entity Id, which is by default #PORTAL#/saml/metadata</div>
</li>
<li class="level1"><div class="li"> Identity Provider Certificate: although the form describes this as the authentication certificate, you must provide your LemonLDAP::NG (IdP) signing certificate. If you don&#039;t have one, create it from the signing key pair already generated (you could do this with openssl). SSL authentication (https) does not seem to be checked anyway.</div>
</li>
<li class="level1"><div class="li"> Signing Certificate: choose a certificate for the SP signature (create one if none is present)</div>
</li>
<li class="level1"><div class="li"> Assertion decryption Certificate: choose a certificate only if you want to encrypt your assertion (the default is not to encrypt)</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Type: choose Federation ID. This means that the user Name ID will be mapped to the Federation ID field. (see next section)</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> Identity Location: choose if the user Name ID is held in the subject or in some attribute</div>
</li>
<li class="level1"><div class="li"> Identity Provider Login <abbr title="Uniform Resource Locator">URL</abbr>: the user/password <abbr title="Security Assertion Markup Language">SAML</abbr> portal location on the IdP</div>
</li>
<li class="level1"><div class="li"> Identity Provider Logout <abbr title="Uniform Resource Locator">URL</abbr>: the logout location on the IdP</div>
</li>
<li class="level1"><div class="li"> Custom Error <abbr title="Uniform Resource Locator">URL</abbr>: you can redirect the user to a special page when an error occurs</div>
</li>
<li class="level1"><div class="li"> SP Initiated Binding: choose any of the supported bindings (every one listed there is currently supported by LemonLDAP::NG). HTTP POST is a good choice</div>
</li>
<li class="level1"><div class="li"> Salesforce Login <abbr title="Uniform Resource Locator">URL</abbr>: generated automatically. This is the entry point of our login flow.</div>
</li>
<li class="level1"><div class="li"> OAuth 2.0 Token Endpoint: not used here</div>
</li>
<li class="level1"><div class="li"> <abbr title="Application Programming Interface">API</abbr> Name: filled automatically</div>
</li>
<li class="level1"><div class="li"> User Provisioning Enabled: should automatically create the user in Salesforce (not functional right now)</div>
</li>
<li class="level1"><div class="li"> EntityId: Salesforce (the SP) Entity ID. Fill this field accordingly. It should be the same value as the organization domain URL, displayed in the previous section</div>
</li>
</ul>
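
<p>
One way to carry out the certificate step described for the Identity Provider Certificate field, as an added example that is not part of the LemonLDAP::NG documentation: it builds a self-signed certificate from an existing signing private key with openssl and checks that the certificate carries that key's public half before it is uploaded to Salesforce. The file names, the subject <code>/CN=auth.example.com</code>, the 365-day validity and the throwaway key generated for the demo are assumptions; substitute your real IdP signing private key.
</p>

```shell
#!/bin/sh
# Added example: turn an existing IdP signing private key into a self-signed
# certificate and confirm both hold the same public key before uploading it.
set -eu

# make_idp_cert KEY OUT DAYS SUBJECT
# Wraps the public half of KEY in a self-signed X.509 certificate written to OUT.
make_idp_cert() {
    openssl req -new -x509 -sha256 -key "$1" -out "$2" -days "$3" -subj "$4"
}

# cert_matches_key CERT KEY
# Succeeds only when CERT carries the public key derived from KEY. A missing or
# unreadable file is a failure, never a match.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo on a constructed throwaway key standing in for the real signing key.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
key="$workdir/idp-signing.key"     # assumed file name
cert="$workdir/idp-signing.crt"    # assumed file name
openssl genrsa -out "$key" 2048 2>/dev/null
make_idp_cert "$key" "$cert" 365 "/CN=auth.example.com"   # assumed subject and validity

if cert_matches_key "$cert" "$key"; then
    echo "OK: certificate matches the signing key"
else
    echo "MISMATCH: Salesforce would reject signatures made with this key" >&2
    exit 1
fi

# Values worth recording: fingerprint to compare after upload, and expiry date.
openssl x509 -in "$cert" -noout -fingerprint -sha256 -enddate
```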

</div>
<!-- EDIT5 SECTION "SAML settings" [1571-3682] -->
<h3 class="sectionedit6" id="configure_federation_id">Configure Federation ID</h3>
<div class="level3">

<p>
Finally, configure the Federation ID value for each user. It is the link between the <abbr title="Security Assertion Markup Language">SAML</abbr> assertion coming from LemonLDAP::NG (the IdP) and a given user in Salesforce. Here, the mail has been chosen as the user Name ID.
</p>

<p>
<a href="user_federation_id-resize-web.png_documentation_2.0_applications_salesforce.html" class="media" title="applications:user_federation_id-resize-web.png"><img src="user_federation_id-resize-web.png" class="mediacenter" alt="" /></a>
</p>

<p>
Once this is completed, export the Salesforce metadata and import it into LemonLDAP::NG, in the declaration of the Salesforce Service Provider.
</p>

<p>
See the <a href="../idpsaml.html" class="wikilink1" title="documentation:2.0:idpsaml">Register partner Service Provider on LemonLDAP::NG</a> configuration chapter.
</p>

</div>
<!-- EDIT6 SECTION "Configure Federation ID" [3683-] --></div>
</body>
</html>