Salesforce 中的联合身份验证和委托身份验证 [英] Federated authentication and Delegated authentication in salesforce

问题描述

有人知道 salesforce 中联合身份验证和委托身份验证之间的区别吗?能解释一下这两种方法的请求流程吗?

解决方案

主要区别在于联合身份验证中使用安全断言标记语言 (SAML).

<块引用>

委派身份验证如果您的组织中有移动用户，或者您想启用委派身份验证，请使用委派身份验证单点登录合作伙伴门户或客户门户.你必须请求由 salesforce.com 启用此功能.这个食谱更详细地解释委托身份验证.

使用 SAML 的联合身份验证 联合身份验证使用 SAML，这是一种安全集成的行业标准.投资 SAMLSalesforce.com 可以与其他产品或服务一起使用.如果您使用 SAML，则不必将内部服务器公开给Internet:使用浏览器完成安全集成.在此外，Salesforce.com 从不处理您使用的任何密码组织.有关更多信息，请参阅为Salesforce.com 在线帮助中的单点登录".

区别

委托身份验证相对于联合身份验证有一些缺点.首先，委托身份验证本质上**不如联合身份验证**安全.即使加密，委托身份验证仍会通过 Internet 将用户名和密码(甚至可能是您的网络密码)发送到 Force.com.一些公司的政策禁止第三方处理他们的网络密码.其次，委托身份验证**需要公司执行更多工作**.必须开发、托管、在 Internet 上公开为组织配置的 Web 服务端点，并与公司的身份存储集成.

关于 的更多详细流程

Anybody know the difference between Federated authentication and Delegated authentication in salesforce? Can you explain the flow of request in these two methods?

解决方案

The main difference is the use of Security Assertion Markup Language (SAML) on Federated Authentication.

Delegated Authentication Use delegated authentication if you have mobile users in your organization, or if you want to enable single-sign on for partner portals or Customer Portals. You must request that this feature be enabled by salesforce.com. This recipe explains delegated authentication in more detail.

Federated Authentication using SAML Federated authentication uses SAML, an industry standard for secure integrations. Investing in SAML with Salesforce.com can be leveraged with other products or services. If you use SAML, you don't have to expose an internal server to the Internet: the secure integration is done using the browser. In addition, Salesforce.com never handles any passwords used by your organization. For more information, see "Configuring SAML Settings for Single Sign-On" in the Salesforce.com online help.

Difference

Delegated authentication has a few drawbacks with respect to federated authentication. First, delegated authentication is inherently **less secure than federated authentication**. Even if encrypted, delegated authentication still sends the username and password (possibly even your network password) over the internet to Force.com. Some companies have policies that preclude a third party for handling their network passwords. Second, delegated authentication **requires much more work for the company implementing it**. The Web services endpoint configured for the org must be developed, hosted, exposed on the Internet, and integrated with the company's identity store.

More detailed flow and code example on delegated

More detailed flow on SSO width SAML

这篇关于Salesforce 中的联合身份验证和委托身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！