Janrain Salesforce Single Sign On Execution Flow

Salesforce Single Sign On (SSO) using Janrain – Video

Salesforce supports many Auth Providers out of the box that can be used as identity providers. Examples include Facebook, Google, GitHub, Salesforce, OpenID Connect, LinkedIn and Janrain.

If you need to use WeChat, Yahoo or some other social account such as Microsoft, don’t be disappointed. Even though they are not available out of the box as Auth Providers in Salesforce, Salesforce provides a magical box: Janrain. Janrain supports a vast list of social platforms that can be used as identity providers for your Salesforce instance.

How Janrain is different compared to other SSO solutions for Salesforce

If we configure an identity provider for Salesforce using Single Sign On or an Auth Provider, those options appear on the Salesforce login page as buttons (shown in the image below).

Options to use multiple Identity provider on Salesforce Login Page

However, if we use Janrain as the identity provider, it does not appear on the Salesforce login page. Janrain gives HTML code that needs to be placed on a publicly accessible page. If the login succeeds, Janrain redirects to the Salesforce SSO endpoint, resulting in a seamless login experience, as shown in this animated image.

Salesforce Janrain Login Widget

Click here for demo animated image.

Note in the above demo:

  • Single Sign On is launched from a local HTML file
  • We can log in using Twitter, Yahoo, AOL and other social applications through Janrain

Let’s see how Janrain and Salesforce can be configured

Step 1: Create Janrain Application

Create a Janrain application by navigating to this URL (it’s free).

Step 2: Create Auth Provider in Salesforce

In this step, navigate to Salesforce | Setup | Identity | Auth. providers | New | Janrain.

You can keep Name and URL Suffix the same. The value for Consumer Secret comes from Janrain | Your application | Setting | API Key (secret).

For the registration handler, choose to auto-create it on save. We will update this Apex class later in this post.

Select an Admin User in Execute Registration As.

Janrain Auth Provider in Salesforce

Once the settings are saved, Salesforce generates various SSO login URLs for internal users and for all Communities available in your Salesforce org. We are interested only in internal users, and therefore only in the Single Sign-On Callback URL, which we will need later in Step 5.

Salesforce Auth Provider SSO URL generated

Step 3 – Configure providers in Janrain

Now, in the Janrain application, you can configure social login providers like Facebook, Twitter, Yahoo etc. by navigating to Janrain | Your Application | Provider. Setting up providers is very easy; you just need to follow the instructions.

Janrain SSO Application Dashboard
Configuring Facebook Provider in Janrain

I only faced a small hiccup in configuring Facebook because the instructions in Janrain are pretty old. The only missing step was adding the callback URL in the Facebook application. The image below shows the format of the callback URL; you only need to replace sfdcilovesso with your Janrain application name in the Facebook application.

Create Facebook Application for Single Sign On - Salesforce - Janrain

Step 4 – Get Janrain Widget Code

Navigate to your Janrain application and click on Widgets and SDKs | Sign Ins. Choose the providers for the widget and get the code.

Step 5 – Place Janrain Widget code in Public Site

We need a publicly accessible page to place the code copied in Step 4. I have used a Salesforce public Site. In this code, you need to update the value of the variable janrain.settings.tokenUrl. This is the Single Sign-On Callback URL copied in Step 2. The source code of the Visualforce page is provided at the end of this post.

Step 6 – Update Registration Handler Apex class

The registration handler Apex class was auto-created in Step 2. It needs to be updated as per your requirements. One user can have multiple social accounts, so I have created a custom object to store all the unique identifiers of the social applications configured in Janrain. This custom object has a lookup relationship with User. The object is used only in the createUser() method, which means it is used only the first time a user attempts a social login. Every subsequent login attempt uses the updateUser() method, because the link between the third-party social account and the user has already been established. The source code is provided at the end of this post.

Question: How does Salesforce decide whether the createUser() or the updateUser() method of the Apex registration handler needs to be executed?

Ans: When a user attempts to log in to Salesforce for the first time through the registration handler class, the createUser method is executed. Salesforce internally saves the mapping between the user and the application against which it was authenticated in Third-Party Account Links, found in the user’s related list. On the next login attempt, the Third-Party Account Links entry lets Salesforce determine that the user has already used the Auth Provider, so it reuses that information and executes the updateUser method.

Salesforce Auth Provider - Third-Party Account Links related list on User object
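
A registration handler along the lines described in Step 6, as an added example rather than the post's own source code. The custom object Social_Identity__c and its fields Identifier__c and User__c are hypothetical names, and the sketch assumes Janrain passes the social account's unique ID in Auth.UserData.identifier. It matches on that identifier only, never on email, so a social account carrying a matching but unverified address cannot be logged in as an internal user.

```apex
// Added example: Social_Identity__c, Identifier__c and User__c are hypothetical
// names for the custom object that links social accounts to internal users.
global class JanrainRegistrationHandler implements Auth.RegistrationHandler {

    global class RegistrationException extends Exception {}

    // Called on the first login with a given social account, before any
    // Third-Party Account Link exists for it.
    global User createUser(Id portalId, Auth.UserData data) {
        if (data == null || String.isBlank(data.identifier)) {
            throw new RegistrationException('Provider returned no identifier');
        }

        // Match only on the provider-issued identifier. Email is deliberately
        // ignored: it may be unverified or chosen by whoever owns the social account.
        List<Social_Identity__c> links = [
            SELECT User__c, User__r.IsActive
            FROM Social_Identity__c
            WHERE Identifier__c = :data.identifier
            LIMIT 2
        ];

        // Fail closed: no record, an ambiguous match, or an inactive user
        // all end the login instead of falling back to another lookup.
        if (links.size() != 1 || !links[0].User__r.IsActive) {
            throw new RegistrationException(
                'This social account is not linked to an active user');
        }

        // Returning an existing User makes Salesforce record the
        // Third-Party Account Link against that user.
        return [SELECT Id FROM User WHERE Id = :links[0].User__c];
    }

    // Called on every later login, once the Third-Party Account Link exists.
    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
        // Intentionally empty: email, username and profile of an internal
        // user are not overwritten with values from the social account.
    }
}
```

Because the handler runs as the admin user chosen in Execute Registration As, restrict who can create or edit Social_Identity__c records; anyone able to insert a row can map their own social account to another user.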

Resources :

Official Salesforce and Janrain documentation 



Comments

One response to “Salesforce Single Sign On (SSO) using Janrain – Video”

  1. Amol Gaikwad

    I have tried to log in with Instagram but it gives the error NO_ACCESS:Unable to find a user.
    Can you please help me with this?
