Related posts

15 thoughts on “Login to Salesforce from Salesforce using Authentication Provider”

  1. HI Jitendra,
    Can you please brief me out 1 thing, how my authentication provider instance will authenticate my other / target instance becaus every configuration which you have discussed here is for target/ current org. I am not able to get how this will allow me to login via other org into current org?

  2. Hi,

    We are trying to implement SSO using Facebook credentials. When we use the SSO URL, it redirects us to the FB login screen, where when we enter our credentials, it gives an error. Screenshot attached. Do you have any idea how to resolve it?

    When I check the debug logs, it is inserting the contact, inserting the user, but then fails with this error, giving no other information in the debug log.

    Any suggestions welcome 🙂

  3. Hi,

    I want to know the way to modify SAML response before sending to SP to add the permission set name assigned to the user for the connected app to connect with SP.
    I found that it can be done using ConnectedAppPlugIn class. Please help with some sample.

    Thanks
    Sanjeev

      1. You cannot intercept SAML reponse before reaching to SP, Handshaking of certificate / Authentication will fail. IP needs to have this permission. If you give some thoughts around security, its not possible.

  4. I have done everything you explained and in the end when I click on the button I am getting logged in to the same org rather that getting logged in to a different(expected) org. Can you please help where probably I could have done mistake? Where should the auth provider should be created?

  5. Hi Jitendra Zaa,
    I have done all your steps but finally i get this error…

    We can’t log you in because of the following error. For more information, contact your Salesforce administrator.
    CSRF: No CSRF cookie

    We can’t log you in because of the following error. For more information, contact your Salesforce administrator.
    CSRF: CSRF mismatch: Cookie 24420330048643426601489835138143-3899016716802188792, request -19060066950583086001489835731663-8855758307183285335

    How to fix?

    Pls help anyone…

  6. Hi Jitendra,
    I’m trying to do the authentication from a form through php and once the authentication is complete, I’m trying to post the form info to salesforce. Since I have to provide callback url, the control is going to callbackurl instead of the calling form/php. Do you know how I can solve this issue so I still can have the form information to post in the callback url or to go back to calling form/php instead of callback url?

  7. Confusing…

    The blog is not at all clear what should be done in what Org.

    I assume (but haven’t yet tried)

    Create Connected app = “service provider Salesforce instance”
    Create Authorization Provider = “Authentication Provider instance”
    Set Callback URL in Connected App = “service provider Salesforce instance”
    Create field in User Object = “Authentication Provider instance”
    Update Auto generated Registration Handler Apex class = “Authentication Provider instance”
    Add Salesforce button on Login Page = “service provider Salesforce instance”

    Can you update the blog to make this easier to follow, or at least confirm by above assumptions?

    1. Hi Ian,
      Throughout this article I have used term “service provider Salesforce instance” for Organization where I need to go after login and “Authentication Provider instance” which will authenticate user and will act as source organization for login. Made some text bold , let me know if it helps.

  8. Hi Jitendra,

    Thank you for the detailed steps. I’m trying to set up a Salesforce based SSO for a community. I.e. a user with a Salesforce account on any org should be able to login to my community. While I’ve followed your steps to set up the SSO, from the login screen on the community, when I select “SSO Provider” button, I am taken to a page that shows me an error message:

    error=redirect_uri_mismatch&error_description=redirect_uri%20must%20match%20configuration

    Upon reading up, it is said that the redirect URL defined in the connected app sometimes takes a while to propagate across all the Salesforce instances and so this error could occur. It’s been more than 24 hours but I still run into the same error. Do you know of any other reason why this error could occur? Thanks.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.