ChamingaD2

Salesforce SSO with Google App Engine

I wanna integrate SSO between Salesforce and Google App Engine (Java).

Followed all steps in Google App Engine set up but I'm having trouble finding where to enable SSO in Salesforce.

http://code.google.com/p/sfdc-gae-sso-delegated-auth/wiki/Setup

How can I do this? Gimme easy steps.

Thanks in advance :)

Pat Patterson

Hi - detailed steps for setting up the Salesforce end of this are at https://login.salesforce.com/help/doc/en/sso_delauthentication_configuring.htm - note step 1: "Contact salesforce.com to enable delegated authentication single sign-on for your organization." - you'll need to call the support number or email support@salesforce.com.

ChamingaD2

What I wanna do is ...

After clicking a button in Salesforce CRM it should automatically log into the Google App Engine application with SSO.

Is it possible to do? And how to do it?

Pat Patterson

You may be able to use Salesforce as a SAML 2.0 identity provider (see https://login.salesforce.com/help/doc/en/identity_provider_about.htm) to access Google as a SAML 2.0 service provider (see http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html), then use the GAE users service to get the user's identity in your app (see http://code.google.com/appengine/docs/java/gettingstarted/usingusers.html).

 

I haven't tried any of this, but it looks like it might work.

siv001

The code you are referring to (on code share) works the other way around: log into Google first, then click on a link to get into Salesforce.

 

 

ChamingaD23

Yea, how to do it in the way I want?

Pat Patterson

Hi ChamingaD23 - I gave you three steps that you could try to get this working. I can try this out myself and post the results here, but, unfortunately, I won't be able to do that for a few days.

siv001

Hi ChamingaD2,

I would look at the methods that Pat described if you need it this way around.

That being said, why wouldn't the other way work? First log into Google App Engine, then into Salesforce; once this has been done, any time you click out of Salesforce into Google App Engine you will already be logged on to Google App Engine.

Marris

Hi Patterson

I have a requirement that when the user clicks the Gmail link on a VF page, it lands in their Gmail inbox without asking for their Gmail password. So I tried SSO between Salesforce and Google Apps.

At first I set the IdP as Salesforce, then in Google Apps I activated the single sign-on option and uploaded the certificate there. I set Google as the service provider in Salesforce.

I think all steps are done, but the single sign-on doesn't work. The SSO URL pushes me to the login page of Google instead of going into Google Apps without authentication. Please provide me the solution.

Thanks in advance....

Thanks

Marris

Pat Patterson

Hi Marris,

 

First of all, how are you linking identities from Salesforce to Google? Double check the configuration in the SP configuration at Salesforce - have you set 'Subject Type' correctly? I haven't been able to find detailed docs for the Google SAML Service Provider, but the most likely configuration would be the 'username' subject type, assuming usernames correspond across Google and Salesforce. Also check that the ACS URL is set to https://www.google.com/a/domain.com/acs, substituting your domain for 'domain.com'.

 

If it's still not working, you should capture the HTTP traffic in your browser using a tool such as LiveHTTPHeaders, ieHTTPheaders or chrome://net-internals/ in Chrome (uncheck 'Strip private information (cookies and credentials).' to see all the relevant detail). You should be able to trace through the SAML interaction to see where the problem is.

 

See Single Sign-On with Force.com and Microsoft Active Directory Federation Services for a similar interaction between AD FS and Salesforce.

 

Good luck!

 

Pat
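The checks suggested in the post above (subject, ACS URL, tracing the captured SAML exchange) can be run over the `SAMLResponse` form field taken from the browser capture. This is an added example, not code from the thread or from Salesforce or Google; the sample response, the issuer and the user names are constructed, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import unquote

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def sample_response(destination, name_id):
    """Constructed, unsigned sample standing in for a captured SAMLResponse field."""
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
        f' Destination="{destination}">'
        '<saml:Issuer>https://idp.example.invalid</saml:Issuer>'
        '<samlp:Status><samlp:StatusCode'
        ' Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
        f'<saml:Assertion><saml:Subject><saml:NameID>{name_id}</saml:NameID>'
        '</saml:Subject><saml:Conditions><saml:AudienceRestriction>'
        '<saml:Audience>google.com</saml:Audience></saml:AudienceRestriction>'
        '</saml:Conditions></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

def diagnose(saml_response, acs_url, google_user, entity_id):
    """List mismatches between a captured response and the SP-side settings.
    Diagnostic only: the XML signature is not verified here."""
    # The POST binding carries base64 XML; a raw capture may also be URL-encoded.
    root = ET.fromstring(base64.b64decode(unquote(saml_response)))
    findings = []
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":Success"):
        findings.append("status is not Success")
    dest = root.get("Destination")
    if dest != acs_url:
        findings.append(f"Destination {dest!r} does not match ACS URL {acs_url!r}")
    name_id = root.findtext(".//saml:Subject/saml:NameID", "", NS).strip()
    if name_id.lower() != google_user.lower():
        findings.append(f"NameID {name_id!r} is not the Google user {google_user!r}")
    audience = root.findtext(".//saml:Audience", "", NS).strip()
    if audience != entity_id:
        findings.append(f"Audience {audience!r} does not match entity ID {entity_id!r}")
    return findings

if __name__ == "__main__":
    # Constructed capture: ACS URL without scheme or /acs, non-Google subject.
    captured = sample_response("www.google.com/a/mycompany.com", "marris@sf.example")
    for line in diagnose(captured, "https://www.google.com/a/mycompany.com/acs",
                         "marris@mycompany.com", "google.com"):
        print("MISMATCH:", line)
```

A capture taken with private information left in contains live session cookies and assertions, so keep it on the machine where it was recorded and delete it after the comparison.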

Marris

Hi chuckmortimore

Thanks for the help. I tried the official docs in my Google Apps and Salesforce but it is not working. I finished the identity provider and service provider steps, then turned SSO on in Google Apps. On testing this using their steps it is not working. It doesn't redirect the page from Google to Salesforce. Do you have any more stuff? Please provide me some help.

Thanks

Marris

chuckmortimore

You'd have to provide more information on where/how it's failing. There simply isn't enough information here to diagnose.

Marris

Hi

I set the service provider as Google Apps, the ACS URL as www.google.com/a/mycompany.com and the entity ID as google.com, and saved it.

Then I set the identity provider as salesforce.com following the steps given in the docs. I set up Google Apps single sign-on, gave all the necessary URLs, then uploaded the Salesforce cert there.

I set the mycompany email ID in the Federation ID column of the user object.

After finishing all this I typed my Google Apps URL in the browser. Instead of redirecting to Salesforce on login it simply goes to Google Apps as such. This is the problem I am facing.

Thanks

Marris

 

Marris

Hi

I followed the doc very carefully and did these settings again. Now when I type my Google Apps link in the browser it goes to the Salesforce login page. There I entered my Salesforce credentials; after that it should go to the Google Apps Gmail inbox, but it goes to the Google Apps login page again. Why?

Thanks

Marris

Pat Patterson

It seems like it's doing part of the SSO process now. Use one of the tools I posted links to earlier to examine the HTTP flow.

chuckmortimore

Perhaps list all your settings on both sides, and we can compare with what we have. Feel free to direct message me if you'd prefer not to post on the public board.

Marris

Hi Patterson

I will check it out.

Thanks

Marris

 

yud1234

Can you explain to me in detail how it works... I have already created an identity provider... what's the next step?

siv001

 

From the instructions in setup -

 

salesforce.com set up

  1. Enable "Is Single Sign-On Enabled" option on a profile
  2. Associate a new Non-administrator user with "Is Single Sign-On Enabled" profile. The salesforce user name for this user will be the same as the Google user name for example xxx@gmail.com
  3. Set Delegated Gateway URL to "https://your_google_app_name.appspot.com/authority" (Setup - Administration Setup - Security Controls - Single Sign-On Setting). Where your_google_app_name is the Google App Engine application you have created.
  4. Login into "https://your_google_app_name.appspot.com" with Google user name. Where your_google_app_name is the Google App Engine application you have created.
  5. Test it is working by clicking "Login to Salesforce" link on the Google App Engine page

 

Which step are you stuck on?

yud1234

https://developers.google.com/appengine/docs/java/tools/eclipse

I have followed this link... and all I have done is obtain an identity provider in Google App, which is

http://yudishramdowar.appspot.com/guestbook

I have not yet configured SSO on Salesforce (Setup -> Security Controls -> Single Sign-On Settings). It is asking me for a certificate. I don't have that certificate and I have no XML in my Eclipse so that when I click a link... I'll be redirected to Salesforce.

siv001

There are a few ways you can set up SSO in Salesforce.

The code mentioned is using the delegated authentication mechanism. You can also do SSO with SAML (the more modern way).

From looking at how you are trying to configure it, it looks like you are trying to do it with SAML, in which case the code mentioned does not provide you with anything.

If you are happy to go with delegated authentication, follow the instructions to the letter and you should be fine.

yud1234

Hello, I'm trying your example. Already contacted Salesforce to activate my delegated authentication. I have already done the Salesforce set up. I'm getting a problem with the

 

Google App Engine set up

  1. Install the code from this project into an Google App Engine Eclipse project
    1. Create a new project from "Checkout Projects from SVN"
    2. Select read only SVN project
    3. Then "Check out as a project configured using the New Project Wizard"
    4. Select Google "Web Application Project"
    5. For package choose "com.sfdc"
    6. De-select "Use Google Web Toolkit"
    7. Due to SVN project configuration(on my part) not all files are correctly set up for project so -
      1. Copy appengine-web.xml in war/WEB-INF from another Google "Web Application Project" into new project and change the application id
      2. Copy lib directory in war/WEB-INF from another Google "Web Application Project" into new project
  2. Change secretKeyword String in Token.java to be your secret Keyword. For example this could be a random set of characters.
  3. Upload project into the Google App Engine
  4. Test it is working by logging into "https://your_google_app_name.appspot.com" with Google user name. Where your_google_app_name is the Google App Engine application you have created.

 

I'm getting this error...

 

Error: Server Error The server encountered an error and could not complete your request.

If the problem persists, please report your problem and mention this error message and the query that caused it.

 

 

Since I'm testing it on my Salesforce sandbox, I changed the salesforceLoginURL = "https://test.salesforce.com"; in Login.java... I don't know how to solve this issue. Please help!!
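What the Delegated Gateway URL from the salesforce.com set up steps has to do, and why the secretKeyword from the Google App Engine set up steps must be a real secret: with delegated authentication, Salesforce sends a SOAP `Authenticate` call to the gateway and accepts the login only if the reply says `true`. This is an added example in Python, not the project's Java code; the token scheme, `SECRET` and all function names are assumptions made for illustration, and the request is a constructed sample.

```python
import hashlib
import hmac
import time
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SF = "urn:authentication.soap.sforce.com"
SECRET = b"PLACEHOLDER-long-random-value"  # assumption: stands in for secretKeyword

def _mac(username, expiry):
    msg = f"{username}|{expiry}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_token(username, now, ttl=60):
    """Hypothetical scheme: '<expiry>.<HMAC>' bound to one user, valid ttl seconds."""
    expiry = int(now) + ttl
    return f"{expiry}.{_mac(username, expiry)}"

def token_valid(username, token, now):
    try:
        expiry_s, mac = token.split(".", 1)
        expiry = int(expiry_s)
    except ValueError:
        return False
    # Constant-time comparison, then the freshness check.
    same = hmac.compare_digest(mac.encode(), _mac(username, expiry).encode())
    return same and expiry >= now

def authenticate_request(username, password):
    """Constructed sample of the SOAP call Salesforce sends to the gateway."""
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Body>'
            f'<Authenticate xmlns="{SF}"><username>{username}</username>'
            f'<password>{password}</password><sourceIp>192.0.2.10</sourceIp>'
            '</Authenticate></soapenv:Body></soapenv:Envelope>')

def handle(soap_request, now=None):
    """Gateway logic: returns (authenticated, SOAP reply); malformed input is denied."""
    now = time.time() if now is None else now
    ok = False
    try:
        call = ET.fromstring(soap_request).find(f"{{{SOAP}}}Body/{{{SF}}}Authenticate")
        if call is not None:
            user = call.findtext(f"{{{SF}}}username", "")
            ok = token_valid(user, call.findtext(f"{{{SF}}}password", ""), now)
    except ET.ParseError:
        ok = False
    reply = (f'<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Body>'
             f'<AuthenticateResult xmlns="{SF}"><Authenticated>{str(ok).lower()}'
             '</Authenticated></AuthenticateResult></soapenv:Body></soapenv:Envelope>')
    return ok, reply
```

Anyone who can reach the gateway URL can submit guesses, so a short or default secret amounts to a Salesforce login for every user on the SSO-enabled profile.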

siv001

At what step are you getting the error you mentioned?

yud1234

When I go to this link...

http://developer.force.com/projectpage?id=a063000000CVXDRAA5

Do you have a complete package that I can upload directly into my Eclipse?

I have created the 5 Java classes... and put my application ID in the XML file.

I think I'm getting a problem in step 1.

yud1234

I don't really know at what step the error is coming. Can you please tell me the order of the 5 classes? I'll try to debug it....

siv001

Check out http://developer.force.com/cookbook/recipe/enabling-single-sign-on-with-the-force-com-platform - it has a nice diagram at the end to show the flow of information for delegated authentication.

yud1234

I have already read these documents, but what I really need is that the user must be able to sign in to Salesforce using the Google app. Exactly what you have. I can't understand how to solve this...

siv001

So it's the stage "Google App Engine set up" you are having challenges with?

Does the "Test it is working by logging into "https://your_google_app_name.appspot.com" with Google user name. Where your_google_app_name is the Google App Engine application you have created" work for you?

Did you also copy the lib across in step 7.2 in "Google App Engine set up"?

yud1234

Yea, right... I'm having a problem with the Google App Engine set up. Yes, I have my application ID. For step 7.2 I created a new project, copied the XML file and added my application ID to it, then uploaded the project, but I'm still getting the error.

Error: Server Error The server encountered an error and could not complete your request.

This is my XML file: appengine-web.xml

 

<?xml version="1.0" encoding="utf-8"?>
<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
  <application>yudishramdowar1</application>
  <version>1</version>

  <!--
    Allows App Engine to send multiple requests to one instance in parallel:
  -->
  <threadsafe>true</threadsafe>

  <!-- Configure java.util.logging -->
  <system-properties>
    <property name="java.util.logging.config.file" value="WEB-INF/logging.properties"/>
  </system-properties>

</appengine-web-app>

yud1234

Yes, the test "https://your_google_app_name.appspot.com" works for me... there is an example hello world when I create a new project... I start getting the error when I copy the 5 Java files into the project.

yud1234

Link for my delegated authentication on Salesforce is

https://yudishramdowar1.appspot.com/authority

Am I doing something wrong...??

siv001

So from looking at http://yudishramdowar1.appspot.com/ it appears that the app is not at the root level. If it was, you would have got a 403 Forbidden message for this URL.

Typing in http://yudishramdowar1.appspot.com/home would have given you a page to log into.

Somehow in the App Engine config you need to get it to properly point to the app rather than have it embedded as a link on the main page. It's been a while since I played with App Engine so I'm not sure how to do this.

I will update the setup instructions to get everyone to test with /home instead.

yud1234

The app at http://yudishramdowar1.appspot.com/home

displays an error again...

Error: Not Found The requested URL /home was not found on this server.

I don't get any Salesforce link. But I think it makes sense: if I can't access my project "SVN Project"

I'll not be able to access its content as well.

The app at this URL http://yudishramdowar1.appspot.com/

displays the following:

Hello App Engine!

Available Servlets:

SVN_Project

Yes, if you can please modify it... thank you

siv001

So I've only modified the instructions.

You still need to make Google App Engine point to the app correctly, not have it embedded as a link on the home page. I've not been in Google Apps for a while so I'm not sure how to do this. When you have done this the /home link should work.

yud1234

I have done the /home but I'm still getting the error. What did you mean by my app is not at the root level? And if it's not at the root level, how do I do this? If you want you can add me on Skype please; we can discuss that.

Skype name: yudish.ramdowar1

siv001

The default home page (hello world) should not be appearing, only the installed app. This is not the case with your instance. It's been a long while since I've used Google App Engine and I'm not sure what you need to do inside Google App Engine to get it to correctly point to the installed app as opposed to the default app.

yud1234

Hello, I found a log file on my Google app and it's displaying these errors...

Can you please help?

 

EXCEPTION 
java.lang.ClassNotFoundException: com.sfdc.SVN_ProjectServlet

javax.servlet.ServletContext log: unavailable
javax.servlet.UnavailableException: com.sfdc.SVN_ProjectServlet
Failed startup of context com.google.apphosting.utils.jetty.RuntimeAppEngineWebAppContext@725967{/,/base/data/home/apps/s~yudishramdowar1/1.359218287830547423}
java.lang.NullPointerException
Uncaught exception from servlet
javax.servlet.UnavailableException: Initialization failed.

thecloudgizmosteam

If you have Google Apps and Salesforce, you might be interested in our latest product, The Scoop Composer (http://www.cloudgizmos.com/salesforce-gmail-integration), which integrates the two.  Not only does it contain a contextual gadget that shows you the relevant Salesforce info at the bottom of every Gmail, but it is a productivity tool that allows users to seamlessly traverse between the Gmail and Salesforce, instantly logging calls, attaching emails, and pull new prospects into Salesforce straight from their inbox. Like Salesforce, our customers are primarily security-aware enterprise businesses (Google was our first customer). Feel free to contact us if this is of interest.  Regards, Rachel (from CloudGizmos).