Header sample.gif

The code below can respond to authentication requests from Salesforce.com organizations that have the single sign-on option. This code is very simple and should be modified to authenticate against an internal authentication system such as Kerberos, Active Directory, RADIUS, or LDAP. As-is, this code only authenticates one user using a username and password that is visible within the PHP file, which is typically not a secure way of storing passwords.

After modifying the username and password below and saving the code to a file, such as authtest.php, set your organization's authentication gateway to the https path of that file. Your server's security certificate will need to be signed by a generally-recognized certificate authority for this to work. Alternatively, you can use unencrypted http, but that is not recommended as the username and password are sent unencrypted across the Internet in that configuration.

Replace /etc/apache2/salesforce-authentication.wsdl with the path to the authentication WSDL file that can be downloaded from your organization's Setup->Integrate->Apex API page.


# Create the SOAP server
$server = new SoapServer("/etc/apache2/salesforce-authentication.wsdl", array('encoding'=>'UTF-8'));

# Login call
function Authenticate($login) {

    // Authenticate the user
    if ($login->username === "a.single.sign.on.user@your.organization.org" && $login->password === "the-password-of-that-user") {
        return array('Authenticated'=>true);
    } else {
        return array('Authenticated'=>false);

# Add the authenticate call

# Handle the SOAP request


This code was tested on openSUSE Linux 10.2 using Apache 2.2.3-20 and PHP 5.2.0-10.