[mitreid-connect] Interoperability with Salesforce.com

Richer, Justin P. jricher at mitre.org
Thu Sep 4 07:17:53 EDT 2014


Kari,

I've done a small bit of interoperability testing with the Salesforce.com IdP and the MITREid Connect Relying Party (client code). I have not done any testing in the other direction, with the MITREid Connect IdP and a Salesforce-driven client. Is this their own client library? Is there any indication what Salesforce doesn't like about the response? Is it a problem with the SSL certificates on your test server, perhaps? I've seen that break things many times. It's also possible that Salesforce is looking for something special that we don't return in the same way that their own IdP does. It seems like this would be a good issue to bring to the Salesforce help desk, if you haven't already. We'd be happy to work with their engineers to make this work if you can get us connected.

 -- Justin

On Sep 4, 2014, at 6:31 AM, Kari Hiitola <kari.hiitola at vincit.fi> wrote:

Hello,

Has anyone successfully used the MITREid Connect Identity Provider for authenticating Salesforce.com users?

I have created a simple webapp overlay (on top of MITREid Connect 1.1.9) that works perfectly with a test client, https://demo.c2id.com/oidc-client/ . I configured a Salesforce (developer account) custom domain to use OpenID Connect authentication and created a custom registration handler. With the same registration handler and similar configuration I've been able to authenticate Salesforce.com against Google's Identity Provider.

Out of maybe a couple of hundred times that I have tried, authentication has succeeded twice. And without changing anything, it then has started to fail again. Normally Salesforce gives the error "ErrorCode=Unknown_Flow, ErrorDescription=The flow type was not recognized", which I couldn't find in the Salesforce.com documentation. The logs don't show the SF registration handler being run at all in these failed cases. Network traces show that the Salesforce.com backend issues the POST to /token but apparently doesn't like the response somehow.

Any ideas? Am I alone with these problems, or even alone trying to get it to work?

Best regards,

 - Kari Hiitola
_______________________________________________
mitreid-connect mailing list
mitreid-connect at mit.edu<mailto:mitreid-connect at mit.edu>
http://mailman.mit.edu/mailman/listinfo/mitreid-connect
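Added example, not code from this thread or from the MITREid Connect project: a small checker that compares a captured /token response against the response shape RFC 6749 (sections 5.1 and 5.2) and OpenID Connect Core (section 3.1.3.3) require, the kind of sanity check worth running on a network trace like the one Kari describes before opening a ticket with the relying party's vendor. The sample response and its token values are constructed placeholders.

```python
import json
import re

# Constructed sample of a successful /token response; the token values are
# placeholders, not real credentials.
SAMPLE_OK = (
    200,
    {"Content-Type": "application/json", "Cache-Control": "no-store", "Pragma": "no-cache"},
    '{"access_token":"AT","token_type":"Bearer","expires_in":3600,'
    '"id_token":"eyJhbGciOiJub25lIn0.e30.sig"}',
)

# Compact JWS: three base64url segments (signature may be empty for alg=none).
JWT_RE = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$")


def check_token_response(status, headers, body):
    """Return a list of deviations from RFC 6749 5.1/5.2 and OIDC Core 3.1.3.3.

    An empty list means the response looks spec-conformant. A strict relying
    party may reject any listed deviation even if a lenient one accepts it.
    """
    issues = []
    hdr = {k.lower(): v for k, v in headers.items()}
    if not hdr.get("content-type", "").startswith("application/json"):
        issues.append("Content-Type is not application/json")
    if "no-store" not in hdr.get("cache-control", "").lower():
        issues.append("Cache-Control: no-store missing")
    try:
        data = json.loads(body)
    except ValueError:
        return issues + ["body is not valid JSON"]
    if status == 200:
        if "access_token" not in data:
            issues.append("access_token missing")
        if str(data.get("token_type", "")).lower() != "bearer":
            issues.append("token_type is not Bearer")
        if "expires_in" in data and not isinstance(data["expires_in"], int):
            issues.append("expires_in is not an integer")
        id_token = data.get("id_token")
        if not isinstance(id_token, str) or not JWT_RE.match(id_token):
            issues.append("id_token missing or not a compact JWS")
    elif status == 400:
        # Error responses must carry an 'error' code (RFC 6749 5.2).
        if "error" not in data:
            issues.append("400 response lacks the required 'error' field")
    else:
        issues.append("unexpected HTTP status %d" % status)
    return issues
```

Feed it the status, headers and body from the trace of the POST to /token; each reported deviation is a concrete question to put to the relying party's vendor.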


