  1. AM : Set up an AM hosted IDP.
  2. AM : Export AM's IDP metadata file (https://hostname/openam/saml2/jsp/exportmetadata.jsp).
  3. AM : Set up the IDP assertions; do not forget to map SSOID to uid. (see fig)
  4. SF : Log in to developers.salesforce.com.
  5. SF : Go to Setup → Settings → Identity → Single Sign-On, click "New From Metadata", and upload the IDP metadata file from step 2. (see fig)
  6. SF : On the same page, select "SAML Enabled". (see fig)
  7. SF : On the same page, download the Salesforce SP metadata and upload it into AM. (Note: this download link only appears right after the IDP has been onboarded; later the link disappears.)
  8. SF : Go to Setup → Company Settings → My Domain, add a domain, and set "Authentication Service" to "adaptive". (see fig)
  9. SF : Go to Setup → Administration → Users, select the test user, and set the "Federation ID" to the AM uid value.

1 Comment

  1. <?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://saml.salesforce.com" validUntil="2028-02-26T17:21:02.872Z" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

       <!-- Salesforce SP metadata as downloaded in step 7 and uploaded into AM.
            The document carries no ds:Signature, so its integrity rests entirely on
            the TLS download from the Salesforce admin UI; compare the certificate
            below with what Salesforce displays before trusting it in AM.
            entityID is the generic https://saml.salesforce.com value; the part that
            identifies this particular org is the AssertionConsumerService Location
            further down. -->
       <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

          <!-- AuthnRequestsSigned="true": the SP signs its AuthnRequests with the
               signing key below, so AM should be configured to verify that signature
               rather than accept unsigned requests. WantAssertionsSigned="true": AM
               must sign the assertions it issues to this SP. -->
          <md:KeyDescriptor use="signing">

             <ds:KeyInfo>

                <ds:X509Data>

                   <!-- Self-signed certificate (subject CN SelfSignedCert_26Feb2018_013500,
                        OU 00D6A000001jql1, i.e. the Salesforce org id; both decoded from
                        the base64 below). Its validity decodes to 2018-02-26T01:35:01Z
                        through 2019-02-26T00:00:00Z, roughly one year, whereas the
                        metadata's validUntil is 2028-02-26, so validUntil gives AM no
                        warning that the SP key is about to lapse. Re-download and
                        re-import this SP metadata before the certificate expires, or
                        signed AuthnRequests can no longer be verified. -->
                   <ds:X509Certificate>MIIErDCCA5SgAwIBAgIOAWHPv63MAAAAAGRcwsgwDQYJKoZIhvcNAQELBQAwgZAx

    KDAmBgNVBAMMH1NlbGZTaWduZWRDZXJ0XzI2RmViMjAxOF8wMTM1MDAxGDAWBgNV

    BAsMDzAwRDZBMDAwMDAxanFsMTEXMBUGA1UECgwOU2FsZXNmb3JjZS5jb20xFjAU

    BgNVBAcMDVNhbiBGcmFuY2lzY28xCzAJBgNVBAgMAkNBMQwwCgYDVQQGEwNVU0Ew

    HhcNMTgwMjI2MDEzNTAxWhcNMTkwMjI2MDAwMDAwWjCBkDEoMCYGA1UEAwwfU2Vs

    ZlNpZ25lZENlcnRfMjZGZWIyMDE4XzAxMzUwMDEYMBYGA1UECwwPMDBENkEwMDAw

    MDFqcWwxMRcwFQYDVQQKDA5TYWxlc2ZvcmNlLmNvbTEWMBQGA1UEBwwNU2FuIEZy

    YW5jaXNjbzELMAkGA1UECAwCQ0ExDDAKBgNVBAYTA1VTQTCCASIwDQYJKoZIhvcN

    AQEBBQADggEPADCCAQoCggEBAJwqzt3ox8YN3JX0cvX8B5ndsTATQ7c3DeIzVVob

    9pPuOYAxS/C/UFHs758Rx1fCJOS3ZgpivmbudwBcd+X5ID/rNfflmrQ5XZ3sAgj6

    9AWAGVFjU2tbIIXB2Gi/rzXfz813FsQdQEyMhOouff/yPkFpxuO8PXEW3ZINGJId

    hTJE/M06eN5YV4OVXVG1UfDQg458jnJXWGYrjjCUfV5vLk/qdWkH32cmXai8yZuL

    Z40t9yNwwuikll4Vap5iO7myfXGRt1gRJ1brjCPfpe4MeFBifFj2QwnqWGYbWbxb

    nM5Ii6eoV70zxM1SI/bc+RwF+ozItbe4qLJltc2ljvwj+70CAwEAAaOCAQAwgf0w

    HQYDVR0OBBYEFB9z+qAmgSrc1O3PjfyMqlgxSkO5MA8GA1UdEwEB/wQFMAMBAf8w

    gcoGA1UdIwSBwjCBv4AUH3P6oCaBKtzU7c+N/IyqWDFKQ7mhgZakgZMwgZAxKDAm

    BgNVBAMMH1NlbGZTaWduZWRDZXJ0XzI2RmViMjAxOF8wMTM1MDAxGDAWBgNVBAsM

    DzAwRDZBMDAwMDAxanFsMTEXMBUGA1UECgwOU2FsZXNmb3JjZS5jb20xFjAUBgNV

    BAcMDVNhbiBGcmFuY2lzY28xCzAJBgNVBAgMAkNBMQwwCgYDVQQGEwNVU0GCDgFh

    z7+tzAAAAABkXMLIMA0GCSqGSIb3DQEBCwUAA4IBAQCaaQ+jARmrxxlV7Jbbp2pZ

    caRwL/zD/Q9vRliGN/juc64yS3TtB5dZpHsQUpTawlyguW2/L2RkQOEopE8h+VQP

    0T7bSz5kf5m0BHdWRRiqUH04REm8LRt+wzHVy3IaIG7XCIUQZ7OZ1cwQvcQODPp1

    QtMuc9qN08j+jh+P+NdC8UKY0rPpC09AquH4aKNVjYfaKV1+IFAGEy2pnCZr5g7N

    WwG9cJFoXrKAJFlCB1JJqfhM6KA5Er8MSoueaFJgZFxp6SUZor4E5IQD24WfCpRI

    lsHMZOBL1QljmVHz0D/11i8IyAeYVkjdKPoyhG9IH4rgeoGtL3khmjgKUubVi07C</ds:X509Certificate>

                </ds:X509Data>

             </ds:KeyInfo>

          </md:KeyDescriptor>

          <!-- NameID format is "unspecified": the subject NameID carries no
               particular meaning here; the user is presumably matched on the SSOID
               attribute requested below (mapped to uid on the AM side in step 3 and
               to the Salesforce user's Federation ID in step 9), so keep that mapping
               one-to-one. -->
          <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>

          <!-- Single HTTP-POST AssertionConsumerService. The Location is org-specific
               (so=00D6A000001jql1 is the Salesforce org id, matching the OU in the
               certificate subject) and is the only endpoint AM should post
               assertions to for this SP. -->
          <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://tamirsa-dev-ed.my.salesforce.com?so=00D6A000001jql1" index="0" isDefault="true"/>

          <md:AttributeConsumingService index="0" isDefault="true">

             <md:ServiceName xmlns:xml="http://www.w3.org/XML/1998/namespace" xml:lang="en">Salesforce.com</md:ServiceName>

             <!-- The only attribute the SP requires: every assertion AM issues must
                  carry SSOID, which is why step 3 maps SSOID to uid on the IDP side. -->
             <md:RequestedAttribute Name="SSOID" isRequired="true"/>

          </md:AttributeConsumingService>

       </md:SPSSODescriptor>

    </md:EntityDescriptor>