Tuesday, February 7, 2017

Salesforce SSO with OAM PS3 [Part-1]

This post covers the steps for enabling IDP-initiated SSO to Salesforce using SAML 2.0, with OAM acting as the IDP. Let's understand the scenario before we jump into the SSO configuration.

  • The end-user has accounts on both the IDP (OAM) and SP (Salesforce) side, with email as the user login.
  • The end-user accesses the OAM-protected, IDP-initiated federation URL.
  • The end-user is authenticated with IDP-side credentials and is then federated to Salesforce.

Pre-requisites:
  • Install and configure OAM
  • Configure the authentication store for OAM. In my lab, I have configured OUD as the authentication store
  • Front-end OAM with OHS and protect it with OAM
Environment:
  • OAM
  • RHEL6
  • Salesforce
  • OUD
  • OHS
Let's configure this integration in the following stages:
  • OAM (Identity provider configuration)
  • Salesforce (Service provider configuration)
  • Test data setup in IDP and SP
  • Validation
OAM (Identity provider configuration):
  • Access the following URL and log in to the OAM Console as administrator
    • http://<oam_host>:7001/oamconsole
  • Navigate to 'Configuration' ==> 'Available Services'
  • Make sure 'Identity Federation' is enabled
  • Go back to 'Launch Pad' and click on Settings ==> View ==> Federation
  • Make sure the ProviderId is updated with the OHS front-end URL
    • http://<ohs_host>:<ohs_port>/oam/fed/

  • Click on 'Export SAML 2.0 Metadata' and save the xml as "oam_idp_metadata.xml"
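Before the exported file is handed to Salesforce, it is worth confirming that it really carries the OHS front-end URL and a signing certificate, since an entityID or SSO endpoint that still points at the OAM server breaks the federation in ways that only show up during validation. The following check is an added example, not code from this post or from Oracle; the metadata sample is constructed, and the hostnames, ports and the /oam/fed/idp/samlv20 endpoint path are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed stand-in for oam_idp_metadata.xml. Hostnames, ports and the
# /oam/fed/idp/samlv20 endpoint path are placeholders, not values from the post.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://ohs.example.com:7777/oam/fed/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIB...CERT-PLACEHOLDER...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://ohs.example.com:7777/oam/fed/idp/samlv20"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://oamserver.example.com:14100/oam/fed/idp/samlv20"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def check_idp_metadata(xml_text: str, frontend_url: str) -> list:
    """Return findings that would break or weaken the federation.

    An empty list means the entityID and every SSO endpoint sit behind the
    OHS front-end URL and a signing certificate is published for Salesforce.
    """
    expected = frontend_url.rstrip("/")
    findings = []
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID", "")
    if entity_id.rstrip("/") != expected:
        findings.append(f"entityID {entity_id} does not match front-end URL {frontend_url}")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return findings + ["no IDPSSODescriptor: this is not IdP metadata"]
    # Without a signing key, Salesforce has nothing to verify assertion signatures against.
    if idp.find("md:KeyDescriptor[@use='signing']", NS) is None:
        findings.append("no signing KeyDescriptor published")
    # Endpoints pointing at the OAM server itself bypass the OHS front-end, so
    # Salesforce would send users to a host that may be unreachable or unprotected.
    for sso in idp.findall("md:SingleSignOnService", NS):
        loc = sso.get("Location", "")
        if not loc.startswith(expected + "/"):
            findings.append(f"SSO endpoint {loc} is not behind the OHS front-end")
    return findings
```

Run it against the real export with the ProviderId value from the Federation settings page; any finding should be fixed in OAM and the metadata re-exported before importing it into Salesforce.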

Salesforce (Service provider configuration):
  • Log in to Salesforce as administrator and navigate to Single Sign-On settings
  • Click on Edit and check 'SAML Enabled'
  • Click on 'New from Metadata File' and import the oam_idp_metadata.xml file
  • Click on 'Save'. This will create an 'Identity provider profile' on the Salesforce side
  • Click on 'Download Metadata' and save the file as 'sp_metadata.xml'
  • This exports the service provider metadata.
  • We need to import this sp_metadata.xml file on the Identity provider side, which will create a service provider partner profile on the OAM side
To be continued in Part-2....