/
Logging in to Salesforce using the Identity Server

This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Logging in to Salesforce using the Identity Server

Jan 21, 2018

This topic provides instructions on how to log into Salesforce using your WSO2 Identity Server credentials.

Configuring Salesforce

  1. Sign up as a Salesforce developer if you don't have an account. If you already have an account, move on to step 2 and log in to Salesforce.

    1. Fill out the relevant information found in the following URL:  https://developer.salesforce.com/signup

    2. Click Sign me up.

    3. You will receive a security token by email to confirm your new account. If you did not receive the email successfully, you will be able to reset it by following the steps given here.

  2. Log in with your new credentials as a Salesforce developer. Do this by clicking the Login link in the top right hand side of https://login.salesforce.com/.

  3. Click Allow to enable Salesforce to access your basic information.

  4. Once you are logged in, create a new domain and access it. To do this, do the following steps.

  5. On the left navigation menu, search for Single Sign-On Settings, and click it.

  6. In the page that appears, click Edit and then select the SAML Enabled check box to enable federated single sign-on using SAML.

  7. Click Save to save this configuration change.

  8. Click New under SAML Single Sign-On Settings. The following screen appears.

    Ensure that you configure the following properties.

    Click Save to save your configurations.

  9. Go to Custom Settings in the left navigation pane and click My Domain.

  10. Click Deploy to Users. Click Ok to the confirmation message that appears.

  11. In the page that appears, you must configure the Authentication Configuration section. Scroll down to this section and click Edit.

  12. Under Authentication Service, select SSO instead of Login Page.

  13. Click Save.

Configuring the service provider

Follow the steps given below to configure salesforce as a service provider in WSO2 IS.

  1. Sign in. Enter your username and password to log on to the Management Console.
    The default username and password of the administrator is both admin.

  2. Navigate to the Main menu to access the Identity menu. Click Add under Service Providers.

  3. Fill in the Service Provider Name and provide a brief Description of the service provider. Only Service Provider Name is a required field and we use Salesforce as the name for this example.

  4. Click Register.

  5. Expand the Inbound Authentication Configuration and the SAML2 Web SSO Configuration and click Configure.

  6. In the form that appears, fill out the following configuration details required for single sign-on. For more details about attributes in the following configuration refer SAML2 Web SSO Configuration .

  7. Click Update to save your configurations.

  8. When you log into Salesforce, you normally use an email address. So, to integrate this with the Identity Server, you need to configure WSO2 IS to enable users to log in using their email addresses. 

  9. Restart the Identity Server by entering ctrl + c in the command prompt or by using the management console.

Testing the configurations

Do the following steps to test out the configurations for a new user in Salesforce and the Identity Server.

  1. Create a user in WSO2 IS. 

    1. Once you log in to the Identity Server, navigate to the Main menu in the Management Console, click Add under Users and Roles.

    2. Click Users. This link is only visible to users with the Admin role. 

    3. Click Add New User.  When adding a new user, use an email address as the username.
      Since it is not mandatory to assign a role to a user in this tutorial, click Finish.

  2. Create a user in Salesforce. This user should have the same email address as the user in WSO2 IS

    1. Log in to the Salesforce developer account: https://login.salesforce.com/.

    2. On the left navigation pane, under ADMINISTRATION, click Users under Users.

    3. On the page that appears, click the New User button to create a new user.

    4. Create a user with the same username as the one you created in the Identity Server. Click Save to save your changes. An email will be sent to the email address you provided for the user.

  3. Access your Salesforce login URL on an incognito or private browser.

  4. Log in using the new credentials of the user you just created. You are then redirected back to Salesforce.



Troubleshooting guidelines

Additional troubleshooting information regarding any Salesforce side SSO failures can be retrieved by using Salesforce SAML Assertion Validator. Further information regarding the steps are available here.