Salesforce Developer Security Authentication


// Salesforce - Developer - Security - Single Sign-on - Federated Authentication:

1. SAML is the standard for federated SSO
2. Identity Store is the master of 'User' identity.
3. Identity Provider (IdP) is the Identity Assertion Provider
4. Service Provider (SP) is the provider of enterprise services

Typical setup consists of one IdP and several SPs.  Salesforce support
multiple IdPs.

Identity Provider generate SAML and send to
validate SAML and generate session.

SSO Basics: IdP initiated SAML

Client -> IdP -> Client -> Salesforce -> Client

1. User authenticated at Custom IDP
2. User is directed to Salesforce (SP) using a link or button
3. When a link or button is pressed, IDP posts SAML to Salesforce
4. Salesforce validate SAML and a user session is generated

SSO Basics: SP Initiated SAML:

Client -> Salesforce -> Client -> IdP -> Client -> Salesforce

1. Request Resource
2. Redirect to IdP
3. User accesses IdP and sends SAML request
4. IDP Authenticates.  Send SAML response.
5. Salesforce validate SAML and generate session.

To setup Federated Authentication:

1. Configure service provider
2. Configure Identity Provider
3. Test Login
4. Examine SAML Token / Assertion
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License