Tuesday, March 17, 2015

Federated Authentication-Configure WSO2 IS with Salesforce


This article will discuss how we could configure WSO2 Identity server with salesforce for Federated Authentication
  • You should create a salesforce developer account from https://developer.salesforce.com/
  • Once you login to developer account you need to navigate, Identity providers under Security console tab

  • Then you must download Salesforce public certificate and the Identity provide meta-information which is required for IDP configuration WSO2 IS
    <md:entitydescriptor entityid="https://wso2idc-dev-ed.my.salesforce.com" validuntil="2025-03-18T00:16:43.800Z" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
       <md:idpssodescriptor protocolsupportenumeration="urn:oasis:names:tc:SAML:2.0:protocol">
          <md:keydescriptor use="signing">
             <ds:keyinfo>
                <ds:x509data>
                   
                </ds:x509data>
             </ds:keyinfo>
          </md:keydescriptor>
          <md:nameidformat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:nameidformat>
          <md:singlesignonservice binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" location="https://wso2idc-dev-ed.my.salesforce.com/idp/endpoint/HttpPost">
          <md:singlesignonservice binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" location="https://wso2idc-dev-ed.my.salesforce.com/idp/endpoint/HttpRedirect">
       </md:singlesignonservice></md:singlesignonservice></md:idpssodescriptor>
    </md:entitydescriptor>
  •  You will find POST and HTTP re-directing IDP urls are at the meta-information which required when configuring WSO2 Identity Provider.
  • Then you need to create a Connected app, you need to provide almost similar entries when creating connected app, specially pay special attention on ACS URL and Issuer URL



  • Then create a user profile and add connected app where only the user who has the profile will allow to authenticate via SSO


  • Start Identity server then configure Identity Provider as shown below, you need to import salesforce public certificate obtained in earlier steps as below.




  • Configure Service provider as shown below,



  • Inbound configuration should be as below

  • Then deploy travolocity app , setup SSO then click login page