1. Hi Jitendra,
    Can you please brief me on one thing: how will my authentication provider instance authenticate my other / target instance? Because every configuration which you have discussed here is for the target / current org. I am not able to get how this will allow me to log in via another org into the current org.

  2. Hi,

    We are trying to implement SSO using Facebook credentials. When we use the SSO URL, it redirects us to the FB login screen, where when we enter our credentials, it gives an error. Screenshot attached. Do you have any idea how to resolve it?

    When I check the debug logs, it is inserting the contact, inserting the user, but then fails with this error, giving no other information in the debug log.

    Any suggestions welcome 🙂

  3. Hi,

    I want to know the way to modify SAML response before sending to SP to add the permission set name assigned to the user for the connected app to connect with SP.
    I found that it can be done using ConnectedAppPlugIn class. Please help with some sample.


      1. You cannot intercept the SAML response before it reaches the SP; handshaking of certificate / authentication will fail. IP needs to have this permission. If you give some thought to security, it's not possible.

  4. I have done everything you explained and in the end when I click on the button I am getting logged in to the same org rather than getting logged in to a different (expected) org. Can you please help with where I could probably have made a mistake? Where should the auth provider be created?

  5. Hi Jitendra Zaa,
    I have done all your steps but finally I get this error…

    We can’t log you in because of the following error. For more information, contact your Salesforce administrator.
    CSRF: No CSRF cookie

    We can’t log you in because of the following error. For more information, contact your Salesforce administrator.
    CSRF: CSRF mismatch: Cookie 24420330048643426601489835138143-3899016716802188792, request -19060066950583086001489835731663-8855758307183285335

    How to fix?

    Pls help anyone…

  6. Hi Jitendra,
    I’m trying to do the authentication from a form through php and once the authentication is complete, I’m trying to post the form info to salesforce. Since I have to provide callback url, the control is going to callbackurl instead of the calling form/php. Do you know how I can solve this issue so I still can have the form information to post in the callback url or to go back to calling form/php instead of callback url?

  7. Confusing…

    The blog is not at all clear what should be done in what Org.

    I assume (but haven’t yet tried)

    Create Connected app = “service provider Salesforce instance”
    Create Authorization Provider = “Authentication Provider instance”
    Set Callback URL in Connected App = “service provider Salesforce instance”
    Create field in User Object = “Authentication Provider instance”
    Update Auto generated Registration Handler Apex class = “Authentication Provider instance”
    Add Salesforce button on Login Page = “service provider Salesforce instance”

    Can you update the blog to make this easier to follow, or at least confirm my above assumptions?

    1. Hi Ian,
      Throughout this article I have used the term “service provider Salesforce instance” for the Organization where I need to go after login and “Authentication Provider instance” for the one which will authenticate the user and will act as the source organization for login. Made some text bold, let me know if it helps.

    2. I feel something is not correct.
      When adding the “Salesforce button on Login Page”, the system will show the list of all Auth Providers. Since we have created the Auth Provider in another org, this org will not show that option.

  8. Hi Jitendra,

    Thank you for the detailed steps. I’m trying to set up a Salesforce based SSO for a community. I.e. a user with a Salesforce account on any org should be able to login to my community. While I’ve followed your steps to set up the SSO, from the login screen on the community, when I select “SSO Provider” button, I am taken to a page that shows me an error message:


    Upon reading up, it is said that the redirect URL defined in the connected app sometimes takes a while to propagate across all the Salesforce instances and so this error could occur. It’s been more than 24 hours but I still run into the same error. Do you know of any other reason why this error could occur? Thanks.

  9. Hi Jitendra,
    I’m getting an error saying
    “We can’t log you in because of the following error. For more information, contact your Salesforce administrator.

    REGISTRATION_HANDLER_ERROR: List has no rows for assignment to SObject”

    when I’m trying to log in using REST.

    Awaiting response,

  10. Hi Jitendra,

    I have followed all the mentioned steps; when I try to log in I get the below error

    We can’t log you in because of the following error. For more information, contact your Salesforce administrator.

    NO_ACCESS: Unable to find a user

    Please let me know if I am missing anything here.

    Thank you very much!

  11. I followed the steps, also replaced the client Id with my consumer key but getting the following error:


  12. Hi Jitendra,

    Thanks for the post. Is there any blog post for the below scenario?

    Embed an external web application in a custom tab. Once this custom tab is clicked, the user should be automatically logged in and shown this external web application within this custom tab.

    If you can guide me with some of your inputs or link to any of your blog posts, that would be really helpful.

    Thanks, Sai

  13. Hi Jitendra,

    I have implemented the Identity provider using the steps given above, but I end up with an error and now I am unable to log in to my developer org. I am getting the following error.
    “Unable to Access Page
    The value of the “state” parameter contains a character that is not allowed or the value exceeds the maximum allowed length. Remove the character from the parameter value or reduce the value length and resubmit. If the error still persists, report it to our Customer Support team. Provide the URL of the page you were requesting as well as any other related information. ”

    This error occurred when I logged out and logged in to the org.

    Could you please help me resolve the issue?

    Thanks in advance,

  14. It keeps on signing into the same developer account if I enter wrong details.
    I put debug logs on the Execute Registration As user.
    In the debug logs it never calls the createUser method.

  15. How do I get the authorization code in the auth provider call after login? I am not able to get it in the auth class. After the OAuth code, do I need to make a callout to get the access token and refresh token? Please tell. Thanks

  16. I am looking to use OpenId to authenticate using third party credentials to access the SF Rest APIs.

    Would it work to use an Auth Provider with the Consumer and Client key of a Connected App in the same org? This way, can I authenticate with third-party credentials to access the APIs?

  17. Hi all,

    I am getting the error (ErrorCode=No_Oauth_State&ErrorDescription=State+was+not+sent+back) when I try to connect my IDP (PindIdentity) to Salesforce via OpenID.

    If anyone can help that would be great.

  18. For those of us getting a 302 followed by a 401, as noted in the comments of many visitors:
    It may be due to the mydomain URL not being used in the Auth provider and the named credentials; instead, one may be mistakenly typing the instance URL from the browser. The instance URL should be the my domain URL and should have the …my… signature.
