Friday, January 6, 2017

Oracle Identity Cloud Service Integration with Salesforce

Continuing our exploration of Oracle IDCS, and as promised in the first article, where I said I would provide some insights into common IDCS use cases, this week I am writing about integrating IDCS with Salesforce to achieve Single Sign-On (SSO).
This blog post walks through the steps involved in setting up that SSO: IDCS acts as the SAML identity provider and Salesforce as the service provider.
Please note that we did not have a Salesforce instance available, so we used the Salesforce Developer Edition. It is easy to get: sign up at https://developer.salesforce.com/signup, and after the sign-up you receive an email with the credentials and are all set to go.

High-Level Steps

IDCS–Salesforce integration can be achieved using the following steps:
Step 1:   Create test users in Oracle IDCS.
Step 2:   Create the same test users in Salesforce as created in IDCS.
Step 3:   Register the Salesforce Domain.  
Step 4:   Extract Identity Provider Metadata from IDCS and import to Salesforce.
Step 5:   Extract Service Provider Metadata from Salesforce and import it into IDCS.
Step 6:   Test the login.

Detailed Steps

The details of each step are listed below.
Step 1:   Upload users into Oracle IDCS via CSV import. This step is the same as illustrated in the last article.
Step 2:   Create users in Salesforce.
a. Log in to Salesforce.
b. Click on the Manage Users link, followed by Users.
c. Click on the New User button.
d. Fill in the user details in the New User form, which looks like as below. Make sure the username is the same as the username in IDCS: Salesforce matches the NameID carried in the SAML assertion against this username (or against the user's Federation ID, if the SSO settings are configured that way), so a mismatch results in a failed login even though the assertion itself is valid.
e. Click on the Save button and make sure that the newly created user is visible in the list.
Step 3:   Register the Salesforce Domain.
a. Log in to Salesforce.
b. Click on Domain Management.
c. Click on My Domain.
d. The My Domain page looks like as below.
e. Enter the domain name and click on the Check Availability button.
f. Click on the Register Domain button.
g. The user receives an email confirmation. (Please note that this might take up to 24 hours.)
h. To complete the domain registration, just follow the instructions in the email. The My Domain is required because Salesforce only offers the SP-initiated SAML login (the redirect tested in step 6) on a My Domain login page, not on the generic login.salesforce.com page.
Step 4:    Extract Identity Provider Metadata from IDCS and import it into Salesforce.
Follow the steps below to extract the metadata from IDCS.
a. Open the IDCS identity provider metadata URL in a browser.
b. Enter user name and password to log in.
c. Click on the file menu and save the IdP metadata. This file carries the IDCS entity ID, the login and logout endpoints and the certificate IDCS signs assertions with, which is what Salesforce needs to trust IDCS.
Follow the steps below to import the metadata into Salesforce.
a. Log in to Salesforce: https://serene-dev-ed.my.salesforce.com
b. Click on Security Controls, followed by Single Sign-On Settings.
c. The Single Sign-On Settings page looks like as below. Click on New from Metadata File.
d. Click on Choose File and browse to select the extracted IDCS metadata file.
e. Click on the Save button to save the metadata.
f. Click on the Edit button under Single Sign-On Settings to edit the SAML settings.
g. Check the SAML Enabled box, followed by Save.
h. The settings should look like below.
i. Click on Domain Management, followed by My Domain.
j. Click on the Edit button under Authentication Configuration and select the new SAML authentication service so that it is offered on the My Domain login page.
k. Click on the Deploy to Users button to deploy the domain to the users. Keep the standard Login Page enabled next to the SAML service until the flow is verified in step 6, so that a misconfigured identity provider cannot lock administrators out of the org.
Step 5:   Extract Service Provider Metadata from Salesforce and import it into IDCS.
Extract Service Provider Metadata from Salesforce
a. Log in to Salesforce: https://serene-dev-ed.my.salesforce.com
b. Click on Security Controls, followed by Single Sign-On Settings.
c. Click on SAML Single Sign-On Settings.
d. Click on the Download Metadata button and save the file.
e. Click on the IDCS metadata link and note the following values, which map onto the IDCS service provider attributes of the same name. Also download the signing certificate.
   logoutRequestUrl
   partnerProviderId
   assertionConsumerUrl
f. Click on Certificate and Key Management.
g. Click on SelfSignedCert_29Dec2016_073349 in the Certificates panel and click on the Download Certificate button to save the file. This is the certificate Salesforce signs its authentication requests with; IDCS needs it to verify those requests.
Importing Salesforce SP Metadata into IDCS
a. Obtain an access token from IDCS as an admin user.
URL: IDCS token service endpoint
Headers: Authorization (HTTP Basic with the client ID and secret of an IDCS client application)
Operation: POST
Data: admin user, password, scope (the OAuth password grant)
Example:
b. Use the above access token to invoke the Apps REST API.
URL: IDCS Apps REST endpoint (not the token endpoint used in a.)
Headers: Authorization (Bearer, with the access token from a.)
Operation: POST
Data: details populated in the service provider SCIM schema: partnerProviderId, assertionConsumerUrl, logoutRequestUrl and the Salesforce signing certificate noted above
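As an added example, not code from the original post or from Oracle, the following Python script performs the two REST calls of step 5 from the command line: it pulls partnerProviderId, assertionConsumerUrl, logoutRequestUrl and the signing certificate out of the Salesforce SP metadata file, obtains a token with the password grant and posts the SAML app to IDCS. The sample metadata is constructed; the endpoint paths /oauth2/v1/token and /admin/v1/Apps, the scope urn:opc:idm:__myscopes__, the SCIM schema URNs, the template id CustomSAMLAppTemplateId and the nameIdFormat / nameIdUserstoreAttribute attributes are assumptions about the IDCS REST API, not values given on this page.

```python
"""Register Salesforce as a SAML service provider in IDCS (added example).

Assumptions, not taken from the post: the /oauth2/v1/token and /admin/v1/Apps
paths, the __myscopes__ scope, the SCIM schema URNs, the CustomSAMLAppTemplateId
template id and the nameId* attributes.
"""
import base64
import json
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SP_EXT = "urn:ietf:params:scim:schemas:oracle:idcs:extension:samlServiceProvider:App"

# Constructed sample in the shape of the file Salesforce's Download Metadata
# button produces for the post's developer org; the certificate is a placeholder.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://serene-dev-ed.my.salesforce.com">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC PLACEHOLDER CERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://serene-dev-ed.my.salesforce.com/services/auth/sp/saml2/logout"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://serene-dev-ed.my.salesforce.com?so=00D000000000001" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def parse_sp_metadata(xml_text):
    """Extract the values step 5 tells you to note, keyed by their IDCS attribute names."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    acs = sp.find("md:AssertionConsumerService", NS)
    slo = sp.find("md:SingleLogoutService", NS)
    cert = sp.find("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return {
        "partnerProviderId": root.get("entityID"),       # Salesforce SAML entity ID
        "assertionConsumerUrl": acs.get("Location"),     # where IDCS posts the Response
        "logoutRequestUrl": slo.get("Location") if slo is not None else None,
        # base64 DER with whitespace removed; IDCS verifies Salesforce's signed AuthnRequests with it
        "signingCertificate": "".join(cert.text.split()) if cert is not None else None,
    }


def build_token_request(base_url, client_id, client_secret, username, password):
    """Password-grant token request: Basic auth with the client credentials, and the
    admin user, password and scope (the three inputs the post names) in the body."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": "urn:opc:idm:__myscopes__",  # assumed: every scope granted to the admin
    }).encode()
    return urllib.request.Request(
        base_url + "/oauth2/v1/token", data=body, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"})


def build_app_payload(sp, display_name):
    """SCIM body for the Apps endpoint, filled from the parsed SP metadata."""
    return {
        "schemas": ["urn:ietf:params:scim:schemas:oracle:idcs:App", SP_EXT],
        "displayName": display_name,
        "active": True,
        "basedOnTemplate": {"value": "CustomSAMLAppTemplateId"},  # assumed template id
        SP_EXT: {
            "partnerProviderId": sp["partnerProviderId"],
            "assertionConsumerUrl": sp["assertionConsumerUrl"],
            "logoutRequestUrl": sp["logoutRequestUrl"],
            "signingCertificate": sp["signingCertificate"],
            # Salesforce matches the NameID against the username created in step 2
            "nameIdFormat": "saml-unspecified",        # assumed attribute and value
            "nameIdUserstoreAttribute": "userName",    # assumed attribute and value
        },
    }


def build_app_request(base_url, token, payload):
    return urllib.request.Request(
        base_url + "/admin/v1/Apps", data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/scim+json"})


def register_sp(base_url, client_id, client_secret, username, password, metadata_xml):
    """Run both calls against a real tenant (network access and credentials required)."""
    req = build_token_request(base_url, client_id, client_secret, username, password)
    with urllib.request.urlopen(req) as resp:
        token = json.load(resp)["access_token"]
    payload = build_app_payload(parse_sp_metadata(metadata_xml), "Salesforce")
    with urllib.request.urlopen(build_app_request(base_url, token, payload)) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Offline dry run: print the payload that would be posted for the sample metadata.
    print(json.dumps(build_app_payload(parse_sp_metadata(SAMPLE_SP_METADATA), "Salesforce"), indent=2))
```

Running the script as-is only prints the payload built from the constructed metadata; register_sp sends it to a tenant, and the 201 it returns carries the app id you will later see in the IDCS console. Do not put the admin password on the command line in a real run: read it from a prompt or a secrets store, and prefer a client-credentials client over the password grant once the integration leaves the lab.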
Step 6:   Test the login.
a. Log in to Salesforce at https://serene-dev-ed.my.salesforce.com; the page should be redirected to the IDCS login.
b. Enter username and password.
c. The user is now logged in to Salesforce successfully!

That's all we need to do for the Salesforce integration. Easy, isn't it!
Optionally, follow these steps to verify the underlying SAML exchange.
a. Behind the scenes, the Salesforce service provider sends a signed authentication request to IDCS (which can be seen in the SAML tracer plugin in Chrome).
b. The IDCS identity provider sends back a signed assertion response confirming the user's identity. In the captured response, check that the NameID matches the Salesforce username from step 2 and that the Audience is the Salesforce entity ID (the partnerProviderId from step 5); these are the values Salesforce checks before it accepts the assertion, and they are the first things to look at when the login fails.
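As an added example, not from the original post, the following Python script decodes a SAMLResponse copied out of the tracer and checks the fields Salesforce relies on: status, Issuer, Audience, NameID, the Conditions validity window and whether a Signature is present at all. The sample response is constructed in the shape IDCS produces; the issuer value, the ?so= parameter and the username are placeholders. It does not verify the XML signature cryptographically; that needs an XML-DSig library such as python xmlsec or signxml together with the IDCS signing certificate from the step 4 metadata.

```python
"""Inspect a SAML Response captured with the SAML tracer during step 6 (added example)."""
import base64
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample with the shape of the Response IDCS posts to the Salesforce ACS
# URL. Issuer, ?so= value and user are placeholders, and the Signature is a stub; a
# real capture carries a full XML-DSig block.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_r1" Version="2.0" IssueInstant="2017-01-06T10:00:00Z" InResponseTo="_req1"
    Destination="https://serene-dev-ed.my.salesforce.com?so=00D000000000001">
  <saml:Issuer>https://idcs-example.identity.oraclecloud.com:443/fed</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2017-01-06T10:00:00Z">
    <saml:Issuer>https://idcs-example.identity.oraclecloud.com:443/fed</saml:Issuer>
    <ds:Signature><ds:SignatureValue>stub</ds:SignatureValue></ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">test.user@serene-dev-ed.example</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req1" NotOnOrAfter="2017-01-06T10:05:00Z"
            Recipient="https://serene-dev-ed.my.salesforce.com?so=00D000000000001"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2017-01-06T09:55:00Z" NotOnOrAfter="2017-01-06T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://serene-dev-ed.my.salesforce.com</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
# The tracer shows the SAMLResponse form field base64-encoded, as here.
SAMPLE_SAML_RESPONSE = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()


def _ts(value):
    """SAML timestamps are UTC ISO-8601 with a trailing Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def summarize(saml_response_b64):
    """Pull the fields Salesforce checks out of a base64-encoded SAMLResponse."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertion = root.find("saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS)
    return {
        "status": root.find("samlp:Status/samlp:StatusCode", NS).get("Value"),
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "in_response_to": root.get("InResponseTo"),
        "name_id": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "audience": cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS),
        "not_before": cond.get("NotBefore"),
        "not_on_or_after": cond.get("NotOnOrAfter"),
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": assertion.find("ds:Signature", NS) is not None,
    }


def check(summary, expected_issuer, expected_audience, expected_username, now_iso):
    """Return the list of mismatches; an empty list means the capture looks right."""
    problems = []
    if summary["status"] != SUCCESS:
        problems.append("status is not Success: " + str(summary["status"]))
    if summary["issuer"] != expected_issuer:
        problems.append("Issuer does not match the IDCS entity ID from the step 4 metadata")
    if summary["audience"] != expected_audience:
        problems.append("Audience does not match the Salesforce entity ID (partnerProviderId)")
    if summary["name_id"] != expected_username:
        problems.append("NameID does not match the Salesforce username created in step 2")
    if not (summary["response_signed"] or summary["assertion_signed"]):
        problems.append("neither the Response nor the Assertion carries a Signature")
    if summary["in_response_to"] is None:
        problems.append("no InResponseTo: this is not the SP-initiated flow of step 6")
    now = _ts(now_iso)
    if now < _ts(summary["not_before"]) or now >= _ts(summary["not_on_or_after"]):
        problems.append("outside the Conditions validity window (check clock skew)")
    return problems
```

Paste the SAMLResponse value from the tracer into summarize() and pass the expected issuer, audience and username to check(); the validity window is only a few minutes, so run the check with the IssueInstant of the capture rather than the current time when analysing an old trace.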



