FORCE.COM: SINGLE SIGN-ON
Exercise Guide
Integrating with Force.com: Single Sign-On
Table of Contents
Exercise 1-1: Configuring Single Sign-On Using SAML
Appendix A – Generating a Security Token
Appendix B – Registering Visual Studio
Appendix C – Create Your Own Instances of the Workbench and Axiom Applications
Appendix D – Connecting through a Proxy Server
Exercise 1-1: Configuring Single Sign-On Using SAML
Instructions:
1. Download the certificate from the identity provider and collect the name of the Issuer.
A. Navigate to https://dev502-sso.herokuapp.com.
B. Click SAML Identity Provider & Tester from the Welcome page.
C. Beneath the Download link is the name of the issuer. Write down the name of the Issuer below:
Issuer: _________________________
D. Click Download to retrieve the public key certificate from the Identity Provider.
E. Save the file Dev502IdpCert.cer to your local hard drive.
F. Copy the downloaded file to your desktop.
2. Configure single sign-on settings in Salesforce and collect information necessary to configure the
Identity Provider.
A. In Salesforce, navigate to Setup | Security Controls | Single Sign-On Settings.
B. Click Edit.
C. Select SAML Enabled.
D. Click Save.
E. Click New.
Name: SSOTest
Issuer: enter the value you recorded above in step 1.C.
Identity Provider Certificate: Click Choose File, enter the location of the downloaded certificate on your desktop (for example, C:\Documents and Settings\<Username>\Desktop\Dev502IdpCert.cer), and click Open.
Entity Id: https://saml.salesforce.com
F. Click Save.
G. Using the information displayed on the single sign-on settings page fill out the information below:
Salesforce Login URL: ___________________________________
Entity Id: ____________________________________
H. Based on the discussion with your instructor, choose the URL you would like the user to land on
when entering using SAML. The landing page can be any URL from inside Salesforce (e.g., the
Candidates tab: https://yourInstance.salesforce.com/a01/o). Write down your choice below:
Salesforce Start Page URL: ___________________________________________
I. Log out of Salesforce by selecting Your Name | Logout.
3. Generate a SAML response to log in to Salesforce using SAML.
A. Return to https://dev502-sso.herokuapp.com.
B. Click SAML Identity Provider & Tester from the Welcome page.
C. Click Configure to enter the properties for the identity provider.
SAML Version: 2.0.
Username OR Federated ID: enter the Salesforce username you have been using for the course.
E.g., admin@dev502.###.com, replacing ### with your uniquely assigned number.
Login URL: enter the Salesforce Login URL from step 2.G.
Entity Id: enter the Entity Id from step 2.G.
Start Page URL: enter the Start Page URL from step 2.H.
D. Click Request SAML Response.
E. Review the information on the page. Select the entire contents of the Plain Text SAML Response
field and copy it.
F. Click Login.
4. Validate the assertion using the SAML Assertion Validator.
A. In Salesforce, navigate to Setup | Security Controls | Single Sign-On Settings.
B. Click SAML Assertion Validator.
C. Paste your copied text in the SAML Response text area.
D. Click Validate and review the results.
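An added example (not code from this exercise or from Salesforce) that compares a SAML 2.0 response with the values collected in steps 1 and 2: Issuer, Entity Id (audience), Salesforce Login URL (recipient), expiry and subject. The sample response, issuer name, user and login URL are constructed placeholders, and verifying the XML signature against the downloaded IdP certificate is assumed to be done separately; these field checks mean nothing on an unsigned or unverified response.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: issuer, user and login URL are placeholders, not exercise values.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
<saml:Issuer>example-idp</saml:Issuer>
<saml:Subject><saml:NameID>admin@example.invalid</saml:NameID>
<saml:SubjectConfirmation><saml:SubjectConfirmationData
 Recipient="https://login.example.invalid/sso" NotOnOrAfter="2030-01-01T00:00:00Z"/>
</saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction>
<saml:Audience>https://saml.salesforce.com</saml:Audience>
</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"""

def check_response(response, issuer, entity_id, login_url, now=None):
    """Return the mismatches between a SAML 2.0 response and the SSO settings."""
    text = response.strip()
    # Accept the plain-text XML or the base64 form used by the HTTP POST binding.
    raw = text.encode() if text.startswith("<") else base64.b64decode(text)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return ["DTD or entity declarations are not allowed in a SAML response"]
    assertions = ET.fromstring(raw).findall("a:Assertion", NS)
    if len(assertions) != 1:
        return [f"expected exactly one Assertion, found {len(assertions)}"]
    a, problems = assertions[0], []
    now = now or datetime.now(timezone.utc)

    def value(path):
        node = a.find(path, NS)
        return node.text.strip() if node is not None and node.text else None

    if value("a:Issuer") != issuer:
        problems.append("Issuer differs from the name recorded in step 1")
    if value("a:Conditions/a:AudienceRestriction/a:Audience") != entity_id:
        problems.append("Audience differs from the Entity Id in step 2.G")
    scd = a.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    attrs = scd.attrib if scd is not None else {}
    if attrs.get("Recipient") != login_url:
        problems.append("Recipient differs from the Salesforce Login URL in step 2.G")
    expiry = attrs.get("NotOnOrAfter")
    if not expiry or now >= datetime.fromisoformat(expiry.replace("Z", "+00:00")):
        problems.append("NotOnOrAfter is missing or already passed")
    if not value("a:Subject/a:NameID"):
        problems.append("Subject NameID (username or Federated ID) is missing")
    return problems
```

An empty list means every compared field matches the configured settings; each string in a non-empty list names the setting to recheck.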
Review
1. What might change if you were implementing SAML single sign-on with a sandbox org?
2. What do you think the purpose of the Logout URL field is? What value do you think you might provide
for that field?
Appendix A – Generating a Security Token
Instructions:
1. Customize the admin user to use your email.
A. Navigate to Your Name | My Settings | Personal | Personal Information.
B. Modify the Email field to be an email address you can access during class.
C. Click Save.
2. Generate a security token.
A. Navigate to Your Name | My Settings | Personal | Reset My Security Token.
B. Click on Reset Security Token.
C. Look in your email for the token.
Appendix C – Create Your Own Instances of the Workbench and Axiom Applications
Follow these instructions to create your own instances of Workbench and Axiom by deploying the
application to Heroku.
Instructions:
1. Deploy Workbench and Axiom to Heroku.
A. For Workbench, open a new tab and navigate to
http://github.com/ryanbrainard/forceworkbench. For Axiom, open a new tab and
navigate to https://github.com/ryanbrainard/axiom.
B. Scroll down and click Deploy to Heroku.
C. Log in to Heroku.
i. If you do not have a Heroku account already:
a. Enter your name in the Full Name field.
b. Enter an email address in the Email field.
c. Click Create Free Account.
d. Log in to the email account you specified above. You will have a confirmation email from
Heroku. Click the confirmation link to activate your account.
e. Enter a password of your choice.
f. Confirm your password.
g. Click Set password and log in. Wait for Heroku to take you to the New App setup page for
Workbench or Axiom.
ii. If you already have a Heroku account:
a. Click Log In (under the Create Free Account button).
b. Enter your Heroku account credentials.
c. Click Log In. Wait for Heroku to take you to the New App setup page for Workbench or
Axiom.
D. Enter a unique app name in the App Name field, or leave it blank if you would like Heroku to
create an app name for you.
E. Click Deploy for Free, and wait while the application is deployed.
F. You will see deployment progress at the bottom of the page. When the page indicates that your
app has been successfully deployed, click the View it link.
the useDefaultCredentials parameter to true, you should not need to enter your network
credentials or NT Domain name. Also, the proxyaddress should be the IPv4 address or URL portion
of what was returned in Step 1A above. The server address and port number values should be
separated with a colon.
C. Press Ctrl-S to save.
D. Follow the remaining exercise instructions to complete testing the solution.
config.setProxy("proxyServer.corp.myCorp.com",8080);
Note: It is possible that the exercise file you have has commented code already present to access
the proxy server and all you will have to do is uncomment the applicable lines of code. Also, the
first part of the address should be the IPv4 address or URL portion of what was returned in Step 1A
above, followed by a colon and then the port number.
C. Optionally, specify the NT Domain name and network credentials used to access the proxy server
through the following additional lines of code:
config.setNtlmDomain("NtlmDom");
config.setProxyUsername("proxyUserName");
config.setProxyPassword("***");
D. Select File | Save.
E. Follow the remaining exercise instructions to complete testing the solution.