SalesForce 使用 openAM 启动 SSO [英] SalesForce initiated SSO using openAM

问题描述

我们正在使用 OpenAM 为 SalesForce 实施 SSO.我们按照@http://blogs.oracle.com/rangal/entry/saml2_salesforce_com

We are implementing SSO for SalesForce using OpenAM. We followed the steps @ http://blogs.oracle.com/rangal/entry/saml2_salesforce_com

有两种情况1. Idp (OpenAM) 发起 SSO.2. 服务提供商 (salesForce) 发起 SSO.

There are two scenarios 1. Idp (OpenAM) initiated SSO. 2. Service provider (salesForce) initiated SSO.

场景 1 工作正常.场景 2 没有.

Scenario 1 works fine. Scenario 2 does not.

我在 SalesForce 的 SSO 最佳实践中读到，无法为 SalesForce SSO 实施场景 2.这样对吗?问候萨默尔

I read in SSO best practices for SalesForce that scenario 2 cannot be implemented for SalesForce SSO. Is this correct? regards Sameer

推荐答案

SP 发起的 SSO 可以通过 SFDC 实现，并且依赖于预先存在于浏览器中的 cookie (ssostartpage).这意味着用户应该在第一次设置 cookie 时执行 IdP init SSO，然后从那时起就可以进行 SP init SSO.

SP initiated SSO is possible with SFDC and relies on a cookie (ssostartpage) pre-existing in the browser beforehand. Meaning the user should perform IdP init SSO the first time to set the cookie, then SP init SSO is possible from that point forward.

参见这个在 SFDC 安全论坛发帖了解更多详情.

这篇关于SalesForce 使用 openAM 启动 SSO的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！