How to set up Single Sign-On using SAML

  1. Establish a SAML Identity Provider (IdP): this is the party that will send the Single Sign-On response to Salesforce.
  2. Provide information to the Identity Provider: here we have to give the login and logout URLs.
  3. Configure Salesforce.

How does Salesforce trust the Identity Provider?

To establish Single Sign-On, Salesforce must be connected to the Identity Provider. For that relationship to work, Salesforce must trust the Identity Provider. The trust is established as follows.

  • During configuration, the Identity Provider gives a digital certificate to Salesforce, and at run time Salesforce uses that certificate to validate the digital signature on the assertion sent by the Identity Provider.

Enabling Salesforce to be a Service Provider.

To enable Salesforce as a Service Provider we must do the following:

  1. Download the digital signature certificate from the Identity Provider (IdP).
  2. Upload the digital signature certificate to Salesforce.
  3. Configure Salesforce.

Identity Provider-initiated SAML flow at run time.

The user signs in to the IdP using Single Sign-On. The IdP returns a page containing a form with the SAML assertion. The user's browser then submits the SAML assertion to Salesforce to log in. The Service Provider (Salesforce) checks the digital signature on the assertion and grants a session ID.
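The trust checks described above (the assertion comes from the configured issuer, is signed with the certificate uploaded during configuration, is addressed to this service provider's entity ID, and is still within its validity window) can be modelled on the service-provider side as follows. This is an added illustration, not Salesforce's code; the assertion and certificate bytes are constructed samples, and full XML-DSig verification is deliberately left to a library.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample assertion, as the IdP form would POST it to the service provider.
# The certificate body is a stand-in blob, not a real X.509 certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-idp-certificate-bytes").decode()
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
  <saml:Issuer>mockidp</saml:Issuer>
  <ds:Signature><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://saml.salesforce.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def parse_time(value: str) -> datetime:
    """SAML timestamps are UTC ISO-8601 with a trailing Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)

def cert_fingerprint(cert_b64: str) -> str:
    """SHA-256 over the certificate bytes; the SP records this when the IdP cert is uploaded."""
    return hashlib.sha256(base64.b64decode(cert_b64)).hexdigest()

def check_assertion(xml_text, expected_issuer, expected_audience, pinned_fingerprint, now):
    """Return the list of failed trust checks; an empty list means the assertion is acceptable.
    Cryptographic XML-DSig verification is left to a library such as signxml; this only
    confirms the embedded signing certificate is the one pinned at configuration time."""
    root = ET.fromstring(xml_text)
    failures = []
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        failures.append(f"issuer {issuer!r} is not the configured IdP {expected_issuer!r}")
    cert = root.findtext(".//ds:X509Certificate", namespaces=NS)
    if cert is None or cert_fingerprint(cert.strip()) != pinned_fingerprint:
        failures.append("signing certificate does not match the uploaded IdP certificate")
    cond = root.find("saml:Conditions", namespaces=NS)
    audience = cond.findtext(".//saml:Audience", namespaces=NS) if cond is not None else None
    if audience != expected_audience:
        failures.append(f"audience {audience!r} is not this SP's entity ID {expected_audience!r}")
    nb, na = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if not (nb and na) or not (parse_time(nb) <= now < parse_time(na)):
        failures.append("assertion is outside its validity window")
    return failures
```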


Service Provider-initiated SAML flow.

This is the situation where the user clicks a link to access something in Salesforce and is redirected to the IdP to log in, then back to Salesforce.


The end user requests a page at a custom domain for Salesforce. Salesforce sees that the user is not logged in and redirects the user to the IdP. The user logs in with IdP credentials. The IdP then redirects the user back to Salesforce with a SAML assertion. Salesforce validates the assertion and redirects the end user to the requested page with a session ID.

Now we are going to create a new Single Sign-On setting in Salesforce.

Go to Setup => Administer => Security Controls => Single Sign-On Settings.


Enable SAML. Click Edit and check SAML Enabled; enabling SAML is what allows a new SAML Single Sign-On setting to be created.


Save it.


Now click the New button.


Before filling in the SAML Single Sign-On Settings details we need some data from the Identity Provider. Go to the following URL and download the digital certificate that is to be uploaded to Salesforce.

Go to http://sfdc-tandc-saml-ip.herokuapp.com


Issuer: mockidp

Entity ID: https://saml.salesforce.com


Now go to the Configure section.


Complete all the details (the issuer, the entity ID and the downloaded Identity Provider certificate) and save.


Before testing the Single Sign-On login, log out from login.salesforce.com.