#kentico cms to salesforce community - salesforce

We have a website running on Kentico. When a user logs in there will be a link available for the user to navigate to a Salesforce Community. When the user clicks the link I would like to automatically log the user into the Salesforce Community. My Kentico users are in sync with the Salesforce contacts/external users.
Has anyone implemented this? If so, can you share how you achieved it? It seems like a SAML assertion needs to be generated and posted, but I am not familiar with how to do this.
Thanks in advance!

Since Kentico should not be used as the authentication provider for other applications, it will be easier for you to find out whether SF Community can provide some authentication API, which you can then use to set up custom external authentication (through SF) in Kentico.
You can also consider using something like OpenID which is supported by both SF and Kentico. (https://help.salesforce.com/articleView?id=networks_authentication_options.htm&type=0)

Related

Why SAML is the default option for registering Salesforce as an Enterprise Application in AAD

I am trying to integrate Salesforce with AAD, and I see two available options, either SAML or OpenID Connect. I do not know which one is better, but I prefer OpenID Connect since it seems to be more modern. So I tried to register the Salesforce app in AAD and SAML was the default option. Why is SAML the default option? Is it better, or what? Please note that I am building an API and I need to allow authentication and authorization with Single Sign-On.
The Azure AD app gallery contains many popular applications that are already pre-configured to work with Azure AD as an identity provider. These applications will be available in the Enterprise applications and have SAML to perform SSO. For any application which is added directly from the Gallery, the default method is SAML-based SSO, password-based SSO, etc., which depends upon the application.
Kindly check the difference between the App Registration and Gallery application in Azure portal from the link
In order to get more detailed explanation about SSO types and protocols kindly check the document to get more detailed explanation.
If you have any further queries kindly let me know.

#kentico cms to salesforce community login SSO

We have a website running on Kentico, and we want all the users who come to Kentico and log in to be automatically logged in to the Salesforce Community after clicking a tab on the Kentico website.
I got a few suggestions related to SSO, but it seems there is no specific way in Kentico CMS for doing or configuring single sign-on for other domains.
Let me know if you guys have any thoughts.
Thanks!
Not knowing much about Salesforce Community, I'll answer based on what we've done in the past in other situations which are similar.
In this case it seems like Salesforce will be your true source of the "user" data because there are license restrictions with users in Salesforce and NOT in Kentico. Some of the user data (username, first, last, etc.) will be stored in Kentico to help with functionality. In this case you'd:
1. Place the login webpart on a page and configure it (simple).
2. Create a Global Event Handler for the Authenticate event.
3. In the global event handler, attempt to log them into Salesforce with the given username and password.
4. If a user exists or the login is successful, allow them to log into Kentico and possibly sync some of their profile/user data to Kentico; if not, cancel the event.
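
The handler flow described in the answer above, as an added example that is not part of the original answer and is not Kentico's or Salesforce's own code. It assumes the Kentico 12-or-earlier API names (`UserInfoProvider`), a Salesforce connected app with the OAuth 2.0 username-password flow enabled, and placeholder endpoint and credential values; the module and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using CMS;
using CMS.DataEngine;
using CMS.Membership;

[assembly: RegisterModule(typeof(SalesforceAuthModule))]

public class SalesforceAuthModule : Module
{
    // Assumed placeholders: community token endpoint and connected-app credentials.
    private const string TokenUrl = "https://COMMUNITY-DOMAIN.example/services/oauth2/token";
    private const string ClientId = "CLIENT_ID_PLACEHOLDER";
    private const string ClientSecret = "CLIENT_SECRET_PLACEHOLDER";
    private static readonly HttpClient Http = new HttpClient { Timeout = TimeSpan.FromSeconds(10) };
    public SalesforceAuthModule() : base("Custom.SalesforceAuth") { }

    protected override void OnInit()
    {
        base.OnInit();
        SecurityEvents.Authenticate.Execute += OnAuthenticate; // global Authenticate handler
    }

    private static void OnAuthenticate(object sender, AuthenticationEventArgs e)
    {
        // Salesforce is the source of truth: a rejected login cancels the Kentico login.
        if (!SalesforceAccepts(e.UserName, e.Password)) { e.User = null; return; }
        // Accepted: reuse or create the local Kentico copy of the Salesforce user.
        UserInfo user = e.User ?? UserInfoProvider.GetUserInfo(e.UserName);
        if (user == null)
        {
            user = new UserInfo { UserName = e.UserName, IsExternal = true, Enabled = true };
            UserInfoProvider.SetUserInfo(user);
        }
        e.User = user;
    }

    private static bool SalesforceAccepts(string userName, string password)
    {
        var form = new FormUrlEncodedContent(new Dictionary<string, string> {
            { "grant_type", "password" }, { "client_id", ClientId },
            { "client_secret", ClientSecret }, { "username", userName }, { "password", password } });
        try
        {
            using (var response = Http.PostAsync(TokenUrl, form).GetAwaiter().GetResult())
                return response.IsSuccessStatusCode; // bad credentials return HTTP 400
        }
        catch (Exception) { return false; } // fail closed on timeout or network error
    }
}
```

Assigning a newly created user to the site and copying profile fields from Salesforce are left to the surrounding integration; the client secret belongs in protected configuration, not in source.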

SAML2 SSO Integration

I have an existing J2EE application which provides some specific features after logging in to the application.
I have to provide SSO to just ONE of the customers who logs into our application, while the rest of the customers would still use the login page and log in with their credentials.
I am planning to use OpenAM Fedlet to act as SP, deployed as a separate application in our container.
I need some help in understanding if I need a full-blown OpenAM instance deployed within us. Please provide any insights you may have on this.
You can use the fedlet as an SP for this user. The trick is identifying this particular user and initiating SSO for this person, and going to the login screen for everyone else.

Can I implement my own authentication process in force.com or it is against terms of service?

I am just wondering if it is permitted to implement my own authentication process in force.com or if it is against the terms of service or any rules. A link to official documentation will be appreciated.
If you want to create an authentication for a site: look here.
If you want authenticated users in your site, basically you need a licence for each authenticated user. I believe that it's not permitted to create your own authentication; in the link I gave you it's said: "please don't be tempted to build your own authentication process".
If your authenticated users already have their licences, you can customize the authentication process easily. There's the Site class for that; look here.
Hope this helps :)

Access Control Service and Multi-tenant application

I'm building a multi-tenant MVC application hosted in Windows Azure.
I would like to leverage Access Control Service to allow users to get authenticated thanks to Google, Facebook, Live ID, etc.
I managed to get a simple authentication working with a postback URL that is configured in the Relying Party Application Settings.
But in my scenario it is more like this:
client1.mydomain.com/login or client1.com/login will go to the providers page, select let's say Google, then he will sign in and then he will be redirected to client1.mydomain.com/Admin or client1.com/Admin
How can I achieve that for any client? Should I add a relying party application for each client? Can it be done by code? Is it OK with Facebook?
I would also like the admin panel to be in Silverlight. Once the client is authenticated, will he remain authenticated in the Silverlight app?
Thank you in advance for any help or links that can help.
Fred
To answer your questions I would say yes to all. Each application would have to be set up as a relying party. So you would need to configure your app to use WIF and point to your Azure ACS.
All of these scenarios are covered in the Microsoft identity developer training kit.
Hope this helps.
