
INTEGRATING WITH FORCE.COM: SINGLE SIGN-ON
Exercise Guide

Table of Contents
Exercise 1-1: Configuring Single Sign-On Using SAML
Appendix A – Generating a Security Token
Appendix B – Registering Visual Studio
Appendix C – Create Your Own Instances of the Workbench and Axiom Applications
Appendix D – Connecting through a Proxy Server

Exercise 1-1: Configuring Single Sign-On Using SAML


Scenario:
Universal Containers would like to implement federated authentication. They have an identity provider
that supports SAML. You will need to enable single sign-on at both the identity provider and the service
provider (Salesforce).
Goal:
Implement federated authentication using SAML.
Tasks:
1. Download the certificate from the identity provider and collect the name of the Issuer.
2. Configure single sign-on settings in Salesforce and collect information necessary to configure the
identity provider.
3. Generate a SAML response to log in to Salesforce using SAML.
4. Validate the assertion using the SAML Assertion Validator.
Time:
15 minutes

Instructions:
1. Download the certificate from the identity provider and collect the name of the Issuer.
A. Navigate to https://dev502-sso.herokuapp.com.
B. Click SAML Identity Provider & Tester from the Welcome page.
C. Beneath the Download link is the name of the issuer. Write down the name of the Issuer below:
Issuer: _________________________
D. Click Download to retrieve the public key certificate from the Identity Provider.
E. Save the file Dev502IdpCert.cer to your local hard drive.
F. Copy the downloaded file to your desktop.
2. Configure single sign-on settings in Salesforce and collect information necessary to configure the
Identity Provider.
A. In Salesforce, navigate to Setup | Security Controls | Single Sign-On Settings.
B. Click Edit.
C. Select SAML Enabled.
D. Click Save.
E. Click New.
Name: SSOTest
Issuer: enter the Issuer value you recorded in step 1.C.

©Copyright 2016 salesforce.com, inc. All rights reserved.

Identity Provider Certificate: Click Choose File and enter the location of the downloaded certificate
on your desktop (for example, C:\Documents and Settings\<Username>\Desktop\Dev502IdpCert.cer), then click Open.
Entity Id: https://saml.salesforce.com
F. Click Save.
G. Using the information displayed on the single sign-on settings page, fill out the information below:
Salesforce Login URL: ___________________________________
Entity Id: ____________________________________
H. Based on the discussion with your instructor, choose the URL you would like the user to land on
when entering using SAML. The landing page can be any URL from inside Salesforce (e.g., the
Candidates tab: https://yourInstance.salesforce.com/a01/o). Write down your choice below:
Salesforce Start Page URL: ___________________________________________
I. Log out of Salesforce by selecting Your Name | Logout.
3. Generate a SAML response to log in to Salesforce using SAML.
A. Return to https://dev502-sso.herokuapp.com
B. Click SAML Identity Provider & Tester from the Welcome page.
C. Click Configure to enter the properties for the identity provider.
SAML Version: 2.0.
Username OR Federated ID: enter the Salesforce username you have been using for the course.
E.g., admin@dev502.###.com, replacing ### with your uniquely assigned number.
Login URL: enter in the Salesforce Login URL from step 2.G.
Entity Id: enter in the Entity Id from step 2.G.
Start Page URL: enter in the Start Page URL from step 2.H.
D. Click Request SAML Response.
E. Review the information on the page. Select the entire contents of the Plain Text SAML Response
field and copy it.
F. Click Login.
4. Validate the assertion using the SAML Assertion Validator.
A. In Salesforce, navigate to Setup | Security Controls | Single Sign-On Settings.
B. Click SAML Assertion Validator.
C. Paste your copied text in the SAML Response text area.
D. Click Validate and review the results.
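
A service provider compares several fields of the assertion with its single sign-on settings. The following Python sketch is an added example, not part of the original guide and not Salesforce's validator: it checks the Issuer, Audience (Entity Id), Recipient (Login URL), expiry and subject of a plain-text SAML response against the values collected in steps 1 and 2. The sample response, the example.test URLs, the timestamp format and the function names are constructed assumptions; the XML signature is not verified here (a real service provider verifies it against the identity provider certificate), and untrusted XML should go through a hardened parser.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed placeholders: substitute the Issuer (step 1.C) and Login URL (step 2.G).
EXPECTED = {"issuer": "https://idp.example.test",
            "audience": "https://saml.salesforce.com",  # Entity Id from step 2.E
            "recipient": "https://login.example.test/sso"}

def build_sample(issuer, audience, recipient, not_after):
    """Return a constructed, unsigned SAML 2.0 response as plain-text XML."""
    return f"""<samlp:Response xmlns:samlp="{NS['p']}" xmlns:saml="{NS['a']}">
 <saml:Assertion><saml:Issuer>{issuer}</saml:Issuer>
  <saml:Subject><saml:NameID>admin@example.test</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="{recipient}" NotOnOrAfter="{not_after}"/>
   </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotOnOrAfter="{not_after}"><saml:AudienceRestriction>
   <saml:Audience>{audience}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"""

def check_response(xml_text, expected, now):
    """List field mismatches (empty list = fields line up). Signature NOT verified."""
    assertion = ET.fromstring(xml_text).find("a:Assertion", NS)
    if assertion is None:
        return ["no Assertion element"]
    def text(path):
        el = assertion.find(path, NS)
        return el.text.strip() if el is not None and el.text else None
    problems = []
    if text("a:Issuer") != expected["issuer"]:
        problems.append("issuer mismatch")
    if text("a:Conditions/a:AudienceRestriction/a:Audience") != expected["audience"]:
        problems.append("audience mismatch")
    scd = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != expected["recipient"]:
        problems.append("recipient mismatch")
    expiry = scd.get("NotOnOrAfter") if scd is not None else None
    fmt = "%Y-%m-%dT%H:%M:%SZ"  # assumed timestamp form; real responses may add milliseconds
    if not expiry or now >= datetime.strptime(expiry, fmt).replace(tzinfo=timezone.utc):
        problems.append("expired or missing NotOnOrAfter")
    if not text("a:Subject/a:NameID"):
        problems.append("no subject")
    return problems

if __name__ == "__main__":
    sample = build_sample(*EXPECTED.values(), "2030-01-01T00:00:00Z")
    print(check_response(sample, EXPECTED, datetime.now(timezone.utc)) or "fields line up")
```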


Review
1. What might change if you were implementing SAML single sign-on with a sandbox org?

2. What do you think the purpose of the Logout URL field is? What value do you think you might provide
for that field?


Appendix A – Generating a Security Token


Scenario:
You are going to use an API to access Salesforce from outside the trusted IP range. You need to generate
a security token for access.
Tasks:
1. Customize the admin user to use your email.
2. Generate a security token.

Instructions:
1. Customize the admin user to use your email.
A. Navigate to Your Name | My Settings | Personal | Personal Information.
B. Modify the Email field to be an email address you can access during class.
C. Click Save.
2. Generate a security token.
A. Navigate to Your Name | My Settings | Personal | Reset My Security Token.
B. Click on Reset Security Token.
C. Look in your email for the token.


Appendix B – Registering Visual Studio


1. Make sure that you have your MSDN ID and password available, as this is required to register Visual
Studio.
2. Open Visual Studio by navigating to Start | Programs | Microsoft Visual C# Express Edition.
3. From the drop-down menu, select Help | Register Product.
4. Click Register Now.
5. In the browser window that opens, enter your MSDN ID and password and click Sign in.
6. Scroll to the bottom of the page and click Continue.
7. Copy the registration key provided on this screen.
8. Return to the Visual Studio screen, and paste the registration key into the Registration key: field.
9. Click Complete Registration.
10. In the dialog box that appears, click No, I would not like to participate.
11. Click Close.


Appendix C – Create Your Own Instances of the Workbench and Axiom Applications
Follow these instructions to create your own instances of Workbench and Axiom by deploying the
application to Heroku.
Instructions:
1. Deploy Workbench and Axiom to Heroku.
A. For Workbench, open a new tab and navigate to
http://github.com/ryanbrainard/forceworkbench. For Axiom, open a new tab and
navigate to https://github.com/ryanbrainard/axiom.
B. Scroll down and click Deploy to Heroku.
C. Log in to Heroku.
i. If you do not have a Heroku account already:
a. Enter your name in the Full Name field.
b. Enter an email address in the Email field.
c. Click Create Free Account.
d. Log in to the email account you specified above. You will have a confirmation email from
Heroku. Click the confirmation link to activate your account.
e. Enter a password of your choice.
f. Confirm your password.
g. Click Set password and log in. Wait for Heroku to take you to the New App setup page for
Workbench or Axiom.
ii. If you already have a Heroku account:
a. Click Log In (under the Create Free Account button).
b. Enter your Heroku account credentials.
c. Click Log In. Wait for Heroku to take you to the New App setup page for Workbench or
Axiom.
D. Enter a unique app name in the App Name field, or leave it blank if you would like Heroku to
create an app name for you.
E. Click Deploy for Free, and wait while the application is deployed.
F. You will see deployment progress at the bottom of the page. When the page indicates that your
app has been successfully deployed, click the View it link.


Appendix D – Connecting through a Proxy Server


Scenario:
You are going to use an API to access Salesforce URLs through a Proxy Server. You need to configure your
Visual Studio and Eclipse solutions to connect through this Proxy Server.
Tasks:
1. Determine and write down your Proxy Server settings.
2. Make code or configuration changes to your Visual Studio or Eclipse application.

Determine your Proxy Server Settings (Eclipse and Visual Studio)


1. The exact settings you need will vary depending on how your particular network is set up.
A. Determine the IP address or URL of your Proxy Server, along with the Port used to connect. Most
Windows users will be able to get this information by using the Command Prompt. Type the
following command at the command prompt and press Enter. The result could be an IPv4 address
or URL followed by a colon and the port number.
    reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" | find /i "proxyserver"
ProxyServer/Port Number: _________________________
Note: Depending on the group policy settings of your network, you may not be able to access the
information without checking with your Network or System Administrator.
B. Optionally, you may also need to determine the NT Domain name of your Proxy Server. If you do
not know what this is, attempt to make the connection without specifying it first.
Domain: _________________________

Instructions for Visual Studio


1. Make configuration changes to each application that requires internet access through the Proxy Server.
A. From Solution Explorer locate the app.config and double-click the file to open it.
B. Scroll down to the bottom of the file and insert the following code right before the ending
configuration tag, or uncomment any code that is already present:
    <system.net>
      <defaultProxy useDefaultCredentials="true">
        <proxy usesystemdefault="True"
               proxyaddress="proxyServer.corp.myCorp.com:8080"/>
      </defaultProxy>
    </system.net>
Note: It is possible that the exercise file you have has commented code already present to access
the proxy server and all you will have to do is uncomment the applicable lines of code. By setting
the useDefaultCredentials parameter to true, you should not need to enter your network
credentials or NT Domain name. Also, the proxyaddress should be the IPv4 address or URL portion
of what was returned in Step 1A above. The server address and port number values should be
separated with a colon.
C. Press Ctrl-S to save.
D. Follow the remaining exercise instructions to complete testing the solution.

Instructions for Eclipse


1. Make code changes to each application that requires internet access through the Proxy Server.
A. From Package Explorer locate the file used to make a connection to Salesforce and double-click
the file to open it.
B. Locate the code used to authenticate with Salesforce. Enter the following line of code below the
lines used to set the username and password.

config.setProxy("proxyServer.corp.myCorp.com",8080);

Note: It is possible that the exercise file you have has commented code already present to access
the proxy server and all you will have to do is uncomment the applicable lines of code. Also, the
first part of the address should be the IPv4 address or URL portion of what was returned in Step 1A
above, followed by a colon and then the port number.
C. Optionally, specify the NT Domain name and network credentials used to access the proxy server
through the following additional lines of code:

config.setNtlmDomain("NtlmDom");
config.setProxyUsername("proxyUserName");
config.setProxyPassword("***");
D. Select File | Save.
E. Follow the remaining exercise instructions to complete testing the solution.
