By: Piyush Patil named 22 Jun 2016 at 10:01 a.m. CDT

21 Responses
Hi, we are trying the Salesforce SSO as given in the Gluu docs but are not able to log in to Salesforce. The error says: "We can't log you in. Check for an invalid assertion in the SAML Assertion Validator (available in Single Sign-On Settings) or check the login history for failed logins." I also tried modifying the relying party's ID to the SP's entity ID as in other tickets, but I am still not able to log in. Please tell me the solution.

By Mohib Zico Account Admin 22 Jun 2016 at 10:18 a.m. CDT

Hi Piyush, let's check what the SAML Assertion Validator of Salesforce is saying; it should have an indication of the failure.

By Piyush Patil named 23 Jun 2016 at 9:28 a.m. CDT

It displays:
"Results
Unexpected Exceptions
Unable to parse the response
Premature end of file.
1. Validating the Status Unknown
2. Looking for an Authentication Statement Unknown
3. Looking for a Conditions statement Unknown
4. Checking that the timestamps in the assertion are valid Unknown
5. Checking that the Attribute namespace matches, if provided Unknown
6. Miscellaneous format confirmations Unknown
7. Confirming Issuer matches Unknown
8. Confirming a Subject Confirmation was provided and contains valid timestamps Unknown
9. Checking that the Audience matches Unknown
10. Checking the Recipient Unknown
11. Validating the Signature Unknown
12. Checking that the Site URL Attribute contains a valid site url, if provided Unknown
13. Looking for portal and organization id, if provided Unknown
14. Checking if session security level is valid, if provided Unknown
Subject: Unable to map the subject to a Salesforce.com user"

By Mohib Zico Account Admin 23 Jun 2016 at 9:37 a.m. CDT

Make sure you are uploading the x509 crt format SAML IDP cert properly and releasing transientID.

By Piyush Patil named 23 Jun 2016 at 9:58 a.m. CDT

I used 'shibIDP.crt' from the Gluu Server 'chroot' environment under the '/etc/certs/' folder. I copy-pasted the code from start to end, saved it in Notepad as cert.crt, and then uploaded it. I also added transientid in the trust relationship.

By Mohib Zico Account Admin 23 Jun 2016 at 10:06 a.m. CDT

Okay.. but Salesforce is still complaining about that. Let's check what attributes are released from the IDP. Here is what you can do:
- Clean the browser.
- Try SSO again.
- Get the last 1000 lines from 'idp-process.log' and send us those 1000 lines.

By Piyush Patil named 24 Jun 2016 at 2:44 a.m. CDT

Please find the log file attached for 1000 lines.

By Mohib Zico Account Admin 24 Jun 2016 at 3:54 a.m. CDT

Hi Piyush,
OK, I can see a couple of things in the log. The most important part:
>> org.opensaml.saml2.metadata.provider.MetadataProviderException: Metadata file '/opt/idp/metadata/idp-metadata.xml' does not exist
Can you please do an 'ls -l' inside /opt/idp/metadata/ ?

By Piyush Patil named 24 Jun 2016 at 4:27 a.m. CDT

It displays:
"total 16
-rw-rw-r--. 1 tomcat tomcat 6612 Jun 22 03:47 3888D551E21EF07C0001688F8556-idp-metadata.xml
-rw-rw-r--. 1 tomcat tomcat 3202 Jun 22 03:47 3888D551E21EF07C0002AC83D9EA0006078F9367-sp-metadata.xml
-rw-rw-r--. 1 tomcat tomcat 3087 Jun 22 04:00 3888D551E21EF07C0002AC83D9EA00060C803D86-sp-metadata.xml
"

By Mohib Zico Account Admin 24 Jun 2016 at 4:32 a.m. CDT

That looks correct. Where is this message ( 03:31:44.656 - ERROR [org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider:267] - Error occurred while attempting to refresh metadata from '/opt/idp/metadata/idp-metadata.xml' ) coming from then!! Anyway, can you zip your 'conf' directory, which is under /opt/idp/, and send that? I'll need to take a look at your configuration.
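
The comparison made by hand in the last few posts (metadata paths named in 'idp-process.log' errors versus the files actually present) can be scripted. This is an added example, not part of the original thread or of Gluu's code; the function names are hypothetical and the log format is assumed to match the two messages quoted above.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: the two log messages quoted in the thread.
SAMPLE_LOG = """\
03:31:44.656 - ERROR [org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider:267] - Error occurred while attempting to refresh metadata from '/opt/idp/metadata/idp-metadata.xml'
org.opensaml.saml2.metadata.provider.MetadataProviderException: Metadata file '/opt/idp/metadata/idp-metadata.xml' does not exist
"""

# File names taken from the 'ls -l' output posted in the thread.
SAMPLE_LISTING = [
    "3888D551E21EF07C0001688F8556-idp-metadata.xml",
    "3888D551E21EF07C0002AC83D9EA0006078F9367-sp-metadata.xml",
    "3888D551E21EF07C0002AC83D9EA00060C803D86-sp-metadata.xml",
]

# Assumption: metadata paths appear single-quoted after these two phrases.
PATH_RE = re.compile(r"(?:refresh metadata from|Metadata file) '([^']+)'")


def referenced_metadata_paths(log_text):
    """Return the distinct metadata paths named in the log, in first-seen order."""
    seen = []
    for match in PATH_RE.finditer(log_text):
        if match.group(1) not in seen:
            seen.append(match.group(1))
    return seen


def check_paths(log_text, listing_by_dir):
    """Map each referenced path to (exists, similarly named files in that dir)."""
    report = {}
    for path in referenced_metadata_paths(log_text):
        p = PurePosixPath(path)
        files = listing_by_dir.get(str(p.parent), [])
        exists = p.name in files
        # Files whose name is "<prefix>-<expected name>" are listed for comparison.
        similar = [f for f in files if f != p.name and f.endswith("-" + p.name)]
        report[path] = (exists, similar)
    return report


if __name__ == "__main__":
    listing = {"/opt/idp/metadata": SAMPLE_LISTING}
    for path, (exists, similar) in check_paths(SAMPLE_LOG, listing).items():
        print(path, "exists" if exists else "MISSING", "| similar:", similar)
```

On a live server, build `listing_by_dir` from `os.listdir()` of each directory and pass the text of the real log file instead of the sample.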

By Piyush Patil named 24 Jun 2016 at 6:27 a.m. CDT

Here is the conf folder as attached. Please take a look at it.

By Mohib Zico Account Admin 24 Jun 2016 at 7:19 a.m. CDT

Thanks, I'll look into it.

By Piyush Patil named 24 Jun 2016 at 7:55 a.m. CDT

ok...Thanks

By Mohib Zico Account Admin 27 Jun 2016 at 9:26 a.m. CDT

Hi Hanamant, It's in our list; we will check and get back to you soon.

By Mohib Zico Account Admin 27 Jun 2016 at 3:32 p.m. CDT

Guys, We are going to record a video on how to configure Salesforce in Gluu Server and share with you.

By Piyush Patil named 28 Jun 2016 at 3 a.m. CDT

That sounds amazing...thank you

By Mohib Zico Account Admin 29 Jun 2016 at 3:53 p.m. CDT

Videos are ready... can you please share your Gmail addresses? We will share them privately there on YouTube.

By Mohib Zico Account Admin 30 Jun 2016 at 6:22 a.m. CDT

Thanks. Here are the videos:
- Part1: https://www.youtube.com/watch?v=0qQimGWi3_8&feature=youtu.be
- Part2: https://www.youtube.com/watch?v=UZKaq5BFloo&feature=youtu.be

By Mohib Zico Account Admin 30 Jun 2016 at 8:24 a.m. CDT

>> my gmail id is hanamant.halli@gmail.com , can u please share the video to me.
Done.