+ Start a Discussion
ChrisGountanisChrisGountanis 

Self Service Portal SSP and Single Sign On SSO or AutoLogin from 3rd Party Site

We have a corporate web site and I would like to have users click a link within our current site to frame up the SSP with no second login. Now I know you can generate HTML. Tweaking that with username and password works but how do you do it for every enabled SSP user. I was thinking API to sync SSP users and passwords but there is no password field in the selfservice tables. ANy tips or ideas? I am sure other companies have done something similar.
 
Thank you,
Chris Gountanis
cpierrecpierre

That is exactly what we would like to do!

I'd like to see some ideas on this...  

ChrisGountanisChrisGountanis
I was thinking about using setpassword for the SSP users. Maybe setting the password to some random string before the login occurs would be a good way to allow them SSO as well as make sure they are not going to the SSP directly. That along with removing the forgot password or password rest options might work. I can't find any documentation on using SF API for Self Serve Portal programming. Does anyone know where one could get more information or examples? Better yet any suggestions for my original post would make us happy campers.
ChrisGountanisChrisGountanis
*Bump*
Pat McQueenPat McQueen
Self Service portal user passwords can be validated through delegated authentication or through the salesforce.com password store.  (e.g use a token with delegated authentication)  You can use the API call to set a users password when the password is stored in salesforce.com.  Once you know the password then you can log the user in through a URL:

https://na1.salesforce.com/secur/login_portal.jsp?orgId=00D300000008huq&portalId=06030000000DKoZ&loginType=2&un=user.domain.com&pw=secret


or

https://<instance>.salesforce.com/secur/login_portal.jsp?orgId=<org_id?&portalId=<portal_id>&loginType=2&un=<user_name>&pw=<password>

where

<meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="ProgId" content="Word.Document"><meta name="Generator" content="Microsoft Word 11"><meta name="Originator" content="Microsoft Word 11">

WHERE:
<instance> is the name of the instance on which your organization resides, such as "na1" or "emea"
<org_id> is the Id for your instance of salesforce.com as identified on your company profile.

<portal_id> is the id for the portal

< user_name> is self service user name

<password> is the password for the self service user


Pat

ChrisGountanisChrisGountanis
Basic Start Page with Hyperlink - Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
    <title>SSP Link Example</title>
</head>
<body>
<a href="ssplogon.aspx—username=username@whatever.com">Support Login</a>
</body>
</html>

 
ASP.NET Page That Handles the Password and Redirect - Code:
using System;
using System.Net;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using SalesforceSelfServicePortal.apex;


namespace SalesforceSelfServicePortal
{
    public partial class _Default : System.Web.UI.Page
    {
        private SforceService binding; 

        protected void Page_Load(object sender, EventArgs e)
        {          
            //if username was sent in set variable to be used later
            string sUserName = Request.QueryString["username"];

            if (sUserName == null || sUserName.Length == 0)
            {
                Response.Write("Error: Username not found or invalid!");
                return;
            }

            //create the binding to the sforce servics 
            binding = new SforceService();

            //time out after a minute 
            binding.Timeout = 10000;

            //login using static api based user (do not chnage)
            LoginResult loginResult = binding.login("someapiuser@somewhere.com", "passwordandtokencombined");

            //change the binding to the new endpoint 
            binding.Url = loginResult.serverUrl;

            //create a new session header object and set the session id to that returned by the login 
            binding.SessionHeaderValue = new apex.SessionHeader();
            binding.SessionHeaderValue.sessionId = loginResult.sessionId;

            //run query on contact based on email address 
            QueryResult qrSelfServiceUser = binding.query("Select Id, Name from SelfServiceUser Where UserName='" + sUserName + "'");

            if (qrSelfServiceUser.size == 0) //user not found in self service users table
            {
                Response.Write("Username (" + sUserName + ") is not a registered user, please contact your Sales Account Manager.");
            }
            else //user found in self service users table
            {
                //set contact using first record returned
                SelfServiceUser SingleContact = (SelfServiceUser)qrSelfServiceUser.records[0];
                
                //create random password string
                String sNewPassword = System.Guid.NewGuid().ToString();
                
                //set password on self service user using id
                binding.setPassword(SingleContact.Id, sNewPassword);

                //redirect page to ssp using username and new password to allow automatic login
                Response.Redirect("https://na5.salesforce.com/sserv/login.jsp—orgId=00xxxxxxxuy2&un=" + sUserName + "&pw=" + sNewPassword);
            }
        }
    }
}

 

theitdeptrockstheitdeptrocks

This hits the nail on the head with what we are looking to do as well.

 

Could you tell me where "SalesforceSelfServicePortal.apex;" comes from?

 

Thanks!

petec@i2isyspetec@i2isys

I hope I am in the right discussion.  We already have a self-service portal going.   Our customers go to our website to log in to the SSP.  Once they are logged in and looking at the SSP home page, we would like to have a link that takes them to a 3rd party website that requires authentication.  The 3rd party website is called uservoice and allows for the creation of a discussion forum.  They allow single sign on.  So I'm trying to figure out how to have the authentication that happens when our customers log into our SSP to then pass to the uservoice site and authenticate.  Their instructions say you have to create a JSON object, and then create a SSO token.  But how and where do you do all that?  I'm a novice!

 

Thanks,
Pete