Steps to integrate SSO between Salesforce (as SP) and OAM 11g R2 PS2 (11.1.2.2.0) protected applications (IdP):
Tested on OAM 11g R2 PS2 and the Salesforce cloud application.
This post explains the steps involved in integrating Salesforce with OAM 11g R2 PS2, where OAM acts as the Identity Provider (IdP) and the Salesforce application is the Service Provider (SP).
1) Create a new developer sandbox and publish it as domain.
It should have a URL similar to below URL:
2) Go to Identity Provider Administrator in OAM and create an SP attribute profile for mail, as shown below.
a) Click Identity Provider Administrator
b) Click Service Provider Attribute Profile
c) Edit the sp-attribute-profile to have IDPEmail as user.attr.mail, as shown below
3) Go to {oam_host}:{oam_port}/oamfed/idp/metadata
Locate the "<md:KeyDescriptor use="signing">" tag
Copy the contents of the "<dsig:X509Certificate>" tag and save it using a text editor as a .cer file
Import this .cer file as the Identity Provider Certificate
Note: If Salesforce complains about an error in the certificate, just double-click on the .cer file you saved in the above step, click on the Details tab, choose 'Copy to File' and save it in DER format.
SALESFORCE SIDE CONFIGURATIONS:
4) Log in to Salesforce as Admin -> Security Controls -> Single Sign On Settings
· Enable SAML
5) Create new SAML Single Sign On Settings as shown below:
6) Download the metadata and store it on your local system
7) Go back to OAM Identity Provider Administration:
· Create a new SP profile by loading the metadata downloaded from the Salesforce site.
8) The SP initiated login is enforced using the below setting:
9) Try accessing below URL for IdP initiated Login:
10) Try accessing below URL for SP initiated Login:
Thanks,
Feel free to contact me for any issue/suggestions @ abhishek.nitc@gmail.com
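Step 3 above (copying the signing certificate out of the IdP metadata by hand) can also be scripted. The following is an added example, not part of the original post: it picks the certificate under the `use="signing"` KeyDescriptor, ignores the encryption key, and writes it in DER format, which is the form the note in step 3 falls back to. The function names, the file name `idp-signing.cer` and the sample metadata are assumptions; the base64 payloads in the sample are constructed placeholders, not real certificates.

```python
import base64
import textwrap
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample metadata; the base64 payloads are placeholders, not real certificates.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/fed">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption"><dsig:KeyInfo><dsig:X509Data>
      <dsig:X509Certificate>ZW5jcnlwdGlvbi1rZXk=</dsig:X509Certificate>
    </dsig:X509Data></dsig:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="signing"><dsig:KeyInfo><dsig:X509Data>
      <dsig:X509Certificate>
        c2FtcGxlLXNpZ25pbmct
        Y2VydGlmaWNhdGU=
      </dsig:X509Certificate>
    </dsig:X509Data></dsig:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def signing_cert_der(metadata_xml: str) -> bytes:
    """Return the DER bytes of the one signing certificate in the IdP metadata."""
    # Metadata never needs a DTD; reject it rather than let the parser expand entities.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("refusing metadata that carries a DTD")
    root = ET.fromstring(metadata_xml)
    certs = [c for kd in root.iter(MD + "KeyDescriptor") if kd.get("use") == "signing"
             for c in kd.iter(DSIG + "X509Certificate")]
    if len(certs) != 1:
        raise ValueError(f"expected exactly one signing certificate, found {len(certs)}")
    # The tag body is base64 with arbitrary line breaks; strip them before decoding.
    return base64.b64decode("".join((certs[0].text or "").split()), validate=True)


def to_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armour (the text form of the same certificate)."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    der = signing_cert_der(SAMPLE_METADATA)
    with open("idp-signing.cer", "wb") as fh:  # hypothetical file name, DER format
        fh.write(der)
    print(to_pem(der))
```

To use it on a real deployment, replace `SAMPLE_METADATA` with the XML saved from the metadata URL in step 3.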
This is the worthy content that I have seen ever. The way you have presented this article is really awesome. By the way you are running a great blog. Thanks for sharing and just keep up this good work.
Managing customers and thereby increasing the company's revenue is the toughest thing to handle. But companies like Salesforce are dedicated to it by offering most useful and efficient tools. Your content is stating the same. Thanks for offering a worthwhile article to read. Keep up the activity of posting valuable posts.
Cloud servers are the best in safeguarding one's information through online. Without this dedicated methodology many companies would have not existed at all. The same thought has been furnished above. Thanks for sharing this worthwhile content in here. Keep writing articles like this.
Great article. I have a question: what if I define another identity store in OAM and want to use it as my IdP data store ?
I've defined the data store pointing to OUD. I have set it as default data store. Using it in Web SSO it's working with a webgate.
I have now defined federation with salesforce as per your article. When I run the "Try accessing below URL for IdP initiated Login" step, I get the login page from OAM. Provide user name and password and authentication fails. When I go to the log I realise OAM is pointing the IdP to the embedded LDAP of weblogic and not to the one I defined as the default store (OUD). Is there any missing step in your article regarding this situation ?
I've checked federation authentication schemes and modules in OAM but no way to find a parameter to set the id store.
thanks
regards
Giovanni
Stuck with same. Can you please guide how you resolved
Yes, it should work without any issue with OUD. In my case I used OID as my LDAP (Identity store). My users were present in OID & OID was marked as default Identity Store. Just make sure the default Identity store is pointed to OUD in your case.
Thanks for sharing this valuable information.
The federation URL which I took from my OAM console is not working. Can you please let me know if any other settings need to be done for enabling federation in OAM?
The information which you have provided is very good. It is very useful who is looking for salesforce Online Training Hyderabad