0 votes
174 views
in Technique [Technology] by (71.8m points)

connect to salesforce as SP from java

I am trying to connect to Salesforce from my Java web application. I want my application to act as an IdP and Salesforce as the SP. However, I need help sending the assertion to Salesforce. Please help!!


1 Reply

0 votes
by (71.8m points)

Question 1: I want my application to act as an Idp and salesforce as SP.

Answer:
(I) You should implement SAML IdP with your Java web application.

(II) For quick deployment of a SAML IdP in your production environment, leveraging a third-party SAML IdP (such as Shibboleth IdP) is highly recommended. Then you have sufficient time to develop your own SAML IdP for your Java web application.

We developed our former version of Zero-Password Authentication and Authorization System in Java and leveraged Shibboleth IdP to provide SAML SSO for enterprise applications.

We developed our current version of Zero-Password Authentication and Authorization System with scalability and high availability in Scala to provide SAML SSO natively for enterprise applications without Shibboleth IdP.

(III) The GitHub repository How to build and run Shibboleth SAML IdP and SP using Docker container provides instructions on building your own SAML IdP in Java using Shibboleth SAML IdP and OpenLDAP.

  • Shibboleth SAML IdP is responsible for identity federation.

  • OpenLDAP is responsible for identity authentication.

(IV) I have validated SAML Single Sign-On (SSO) provided by Docker-running Shibboleth SAML IdP (Identity Provider) and OpenLDAP for the following enterprise applications. In other words, I leveraged Docker-running Shibboleth SAML IdP and OpenLDAP to log in to the following enterprise applications successfully.

  • Microsoft Office 365

  • Google G Suite

  • Salesforce

  • Dropbox

  • Box

  • Amazon AWS

  • OpenStack

  • Citrix NetScaler

  • VMware vCloud Director

  • Oracle NetSuite

(V) For your convenience, I have made the 8th commit to upload the Salesforce SP metadata and corresponding SAML configuration to How to build and run Shibboleth SAML IdP and SP using Docker container.
Note that I have logged in to Salesforce organization "example.com" account (https://example.my.salesforce.com) with username "[email protected]" successfully using Shibboleth IdP running with Docker Container.

By performing the following Shibboleth SAML IdP configuration procedure, you can log in to your Salesforce organization "your-company.com" account (https://your-company.my.salesforce.com) with your username (such as "[email protected]").

(V.a) Download the source code for building and running Shibboleth SAML IdP from the GitHub repository.

$ git clone https://github.com/winstonhong/Shibboleth-SAML-IdP-and-SP

(V.b) Replace "shibboleth-idp-dockerized/ext-conf/metadata/sp-salesforce-com.metata" with your Salesforce SP metadata downloaded from your Salesforce organization account.

(V.c) Edit "shibboleth-idp-dockerized/ext-conf/conf/relying-party.xml" to replace the SAML SP entityID "https://example.my.salesforce.com" with "https://your-company.my.salesforce.com".

(V.d) Edit "LDAP-Dockerized-CentOS/users.ldif" to replace user info "[email protected]" with your user info "[email protected]".

(V.e) Follow the instructions provided in the README (https://github.com/winstonhong/Shibboleth-SAML-IdP-and-SP/blob/master/README.md) to build and run Shibboleth IdP, OpenLDAP and Shibboleth SP.

Validate that you can log in to the Shibboleth SP application through Shibboleth IdP.

(V.f) Use the public certificate template "shibboleth-idp-dockerized/ext-conf/credentials/idp-signing.crt" and the 2nd signing certificate in "shibboleth-idp-dockerized/ext-conf/metadata/idp-metadata.xml" to create the assertion signing public certificate of Shibboleth IdP. Then upload the signing certificate of Shibboleth IdP to your Salesforce organization account.

(V.g) Follow the instructions in Set Up Salesforce Single Sign-On for Your Internal Users to complete the SAML SP configuration in your Salesforce organization account. Note that you must select "Assertion contains the User's Salesforce username" for SAML Identity Type.

(V.h) Now you can log in to your Salesforce organization account as SP through Shibboleth IdP.

It is easy to configure Shibboleth IdP to use the same data store/repository (such as OpenLDAP or MySQL) as your Java web application. Then your Java web application acts as a SAML IdP without any development work required.

(VI) Another StackOverflow question "Setting up a new Shibboleth IdP to work with an existing SAML SP" provides valuable information and discussions on Shibboleth SAML configuration.

Question 2: However I need help to send assertion to Salesforce.

Answer:
Following the instructions in the answer to Question 1, your Java web application can leverage the Java-based Shibboleth SAML IdP to send assertions to Salesforce.
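Two of the steps above are easy to get wrong by hand: step V.c needs the exact Salesforce SP entityID in relying-party.xml, and step V.f needs the 2nd signing certificate from idp-metadata.xml in PEM form for the Salesforce upload. The following standard-library Python check is an added example, not code from the answer or from the winstonhong repository; the metadata documents and certificate bodies it embeds are constructed stand-ins, not real keys or real Salesforce metadata.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed stand-ins for certificate bodies (not real X.509 data).
CERT1_B64 = base64.b64encode(b"constructed signing cert #1").decode()
CERT2_B64 = base64.b64encode(b"constructed signing cert #2").decode()
CERT3_B64 = base64.b64encode(b"constructed encryption cert").decode()

# Constructed idp-metadata.xml: two signing KeyDescriptors and one encryption KeyDescriptor.
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="https://idp.example.org/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{CERT1_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{CERT2_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{CERT3_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed Salesforce SP metadata; only the entityID matters for step V.c.
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="https://your-company.my.salesforce.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""

def signing_certs(metadata_xml):
    """Base64 bodies of all <KeyDescriptor use="signing"> certificates, in document order."""
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # a KeyDescriptor without 'use' covers signing too
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            certs.append("".join(cert.text.split()))  # drop the whitespace/newlines XML wrapping adds
    return certs

def to_pem(b64_body):
    """Wrap a bare base64 body as 64-column PEM, the format of idp-signing.crt and of the Salesforce upload."""
    lines = [b64_body[i:i + 64] for i in range(0, len(b64_body), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"

def idp_signing_cert_pem(metadata_xml=IDP_METADATA, index=1):
    """Step V.f: the 2nd signing certificate (index 1) is the one to upload to Salesforce."""
    return to_pem(signing_certs(metadata_xml)[index])

def sp_entity_id(sp_metadata_xml=SP_METADATA):
    """Step V.c: this entityID replaces https://example.my.salesforce.com in relying-party.xml."""
    return ET.fromstring(sp_metadata_xml).get("entityID")
```

Run it against the real idp-metadata.xml and the SP metadata downloaded from Salesforce by passing their contents in place of the constructed strings; if `signing_certs` returns fewer than two entries, the metadata does not match what step V.f assumes.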
