Salesforce Single Sign-On

How to Configure Single Sign-On (SSO) to Salesforce With Gluu+WWPass Identity Provider#

This tutorial guides you through the steps you need to take to integrate Gluu+WWPass Single Sign-On (SSO) with Salesforce. WWPass provides secure and convenient authentication technology and Gluu makes it easy to perform tasks related to user management.

Step 1: Implement Gluu+WWPass Server#

You can find the software modules and instructions for Gluu+WWPass server implementation in our GitHub project.

Step 2: Set Up Salesforce.com#

First, you need to prepare Salesforce.com

  1. Log in to Saleforce.com;

  2. Click Setup;

  3. Click Company Settings, then My Domain;

  4. Add your domain or use Salesforce test domain;

  5. Please, stand by... It takes time to register a domain;
    My Domain Note: you need to add a custom domain to your Salesforce.com account or you can use a test domain name provided by Salesforce.

  6. Enter your Gluu server information to Salesforce.com;

  7. Go to Identity > Single Sign-On Settings;

  8. Click New;
    SSO Settings

  9. Add following information to your Gluu Server:

    • Name: add anything for you to recognize this this setup, i.e. My SSO Server;
    • API Name: My_SSO_Server;
    • Issuer: EntityID of your Gluu Server, i.e. https://iam.example.com/idp/shibboleth;
    • EntityID: Your Salesforce.com custom domain name;
    • Identity Provider Certificate: Assign your Gluu Server "idp-signing" certificate (you need to save and upload SAML certificate from your Gluu Server metadata or /etc/certs location);
    • Request Signing Certificate: Default certificate;
    • Request Signature Method: RSA-SHA256;
    • Assertion Decryption Certificate: not encrypted;
    • SAML Identity Type: Assertion contains your Salesforce.com username;
    • SAML Identity Location: Identity is in an Attribute element;
    • Attribute Name: Provide SAML2 URI of your attribute. For our test case we use the URN value of Gluu Server Email attribute. You can check your attribute information here;
    • NameID Format: Leave it empty;
    • Identity Provider Login URL: https://iam.example.com/idp/profile/SAML2/Redirect/SSO;
    • Service Provider Initiated Request Binding: HTTP-Redirect; Your setup should look similar to:
      SSO Settings Edit
  10. Confirm. If you did it right, you will see the page like the following:
    SSO Settings Done

Step 3. The Gluu Server#

Now you are ready to prepare the Gluu Server:

Note: More about Creating SAML Trust Relationship

  1. Use the Download Metadata option on the Salesforce.com website;
  2. Create Trust Relationship:
    • Display Name: insert anything for yourself to recognize this trust relationship later;
    • Description: insert anything for yourself to recognize this trust relationship later;
    • Metadata Type: ’File’;
    • Upload the Salesforce metadata;
    • Releases attributes: TransientID and Email;
    • Add it;
  3. Configure Specific Relying (you can use the Gluu Server GUI named:oxTrust);
    • Select SAML2SSO:
      • includeAttributeStatement: Enabled;
      • assertionLifetime: default;
      • assertionProxyCount: default;
      • signResponses: conditional;
      • signAssertions: never;
      • signRequests: conditional;
      • encryptAssertions: never;
      • encryptNameIds: never;
    • Save it;
  4. Update your relationship;

It should look like the picture below:

Adding Trust Relationship

  • Relying party configuration:

Relying Party Configuration

Step 4. Testing Your SSO#

Final step. It is time to check if your SSO was configured properly.

  1. Log in to Salesforce.com;
  2. todo: add info on how to get to setup;
  3. Create your test user; it should also exist on the Gluu Server;
  4. Click Identity > Single Sign-On Settings;
  5. Enable Federated Single Sign-On Using SAML :
    SAML Enabled
  6. Click Company Settings > My Domain;
  7. Set the Authentication Configuration;
  8. Click Edit;
    • Select Gluu Server;
    • Save the configuration;

If all steps were done properly, your Authentication Configuration should look similar to:

SAML Enabled

Summary#

You have successfully сonfigured SSO to Salesforce with Gluu+WWPass Identity Provider. If you have any questions, please contact us at support@wwpass.com