Implementing Single Sign-On -- please advise

Our company uses a web-based CRM, and we are now considering implementing SSO.
I forwarded all the help documentation I received to IT, but IT can't figure it out:

Enabling delegated authentication is easy:
– Open a case with support asking for Delegated Authentication to be turned on for your “org” ----- I have already taken care of this

– Configure the host and URL for your Auth Service --- this should be IT's job, right?

– Enable the setting on the users profile in salesforce.com ---- I can handle this

The vendor says custom coding is needed. I think it is for "Configure the host and URL for your Auth Service", but IT did not know any code had to be written and says they don't know how to code it.

I have sample code:

Sample Request

<?xml version="1.0" encoding="UTF-8" ?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<Authenticate xmlns="urn:authentication.soap.sforce.com">
<username>sampleuser@sample.org</username>
<password>myPassword99</password>
<sourceIp>1.2.3.4</sourceIp>
</Authenticate>
</soapenv:Body>
</soapenv:Envelope>

I think with a sample, IT should be able to manage it, right?
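An added example, not code from the post, the thread or Salesforce, of what the "custom coding" behind "Configure the host and URL for your Auth Service" amounts to, combined with the token scheme quoted later in the thread ("Only the username and generated token are passed to SFDC"): the intranet SSO page mints a short-lived token after the Active Directory login, and the auth service that Salesforce calls with the Authenticate request above checks that token instead of the corporate password. The token format, the shared secret and the TTL are assumptions made for the demo; the AuthenticateResult/Authenticated response shape follows the Salesforce delegated authentication WSDL, and the same flow works for two users on one computer because the token is bound to the username, not the machine.

```python
import hashlib, hmac, time, xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
AUTH_NS = "urn:authentication.soap.sforce.com"
TOKEN_SECRET = b"constructed-demo-secret"  # constructed; known only to the SSO page and this service
TOKEN_TTL = 120                            # seconds a token stays valid

def _mac(username, expiry):
    return hmac.new(TOKEN_SECRET, f"{username}|{expiry}".encode(), hashlib.sha256).hexdigest()

def issue_token(username, now):
    # Intranet SSO page: after the Active Directory login succeeds, mint a short-lived token bound
    # to that user (hypothetical "expiry.mac" format); the AD password itself never leaves the intranet.
    expiry = int(now) + TOKEN_TTL
    return f"{expiry}.{_mac(username, expiry)}"

def token_is_valid(username, token, now):
    # Auth service: accept only an unexpired token whose MAC matches this exact username.
    try:
        expiry_text, mac = token.split(".", 1)
        expiry = int(expiry_text)
    except ValueError:
        return False  # a plain password (or garbage) in the password field never validates
    return now <= expiry and hmac.compare_digest(_mac(username, expiry), mac)

def parse_authenticate(xml_bytes):
    # Pull username/password/sourceIp out of the Authenticate request shown in the post.
    body = ET.fromstring(xml_bytes).find(f"{{{SOAP_NS}}}Body")
    auth = body.find(f"{{{AUTH_NS}}}Authenticate") if body is not None else None
    if auth is None:
        raise ValueError("not an Authenticate request")
    field = lambda tag: (auth.findtext(f"{{{AUTH_NS}}}{tag}") or "").strip()
    return field("username"), field("password"), field("sourceIp")

def handle_request(xml_bytes, now=None):
    # Build the AuthenticateResult envelope Salesforce reads; fail closed on malformed input.
    now = time.time() if now is None else now
    try:
        username, token, _source_ip = parse_authenticate(xml_bytes)
        ok = token_is_valid(username, token, now)
    except (ET.ParseError, ValueError):
        ok = False
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>'
            f'<AuthenticateResult xmlns="{AUTH_NS}"><Authenticated>{str(ok).lower()}'
            '</Authenticated></AuthenticateResult></soapenv:Body></soapenv:Envelope>')

def sample_request(username, password_field):  # constructed input in the post's Sample Request shape
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body><Authenticate xmlns="{AUTH_NS}">'
            f'<username>{username}</username><password>{password_field}</password>'
            '<sourceIp>1.2.3.4</sourceIp></Authenticate></soapenv:Body></soapenv:Envelope>').encode()
```

In a real deployment handle_request sits behind an HTTPS endpoint reachable only from Salesforce, and the sourceIp field is worth logging for the audit trail.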

Replies, comments and Discussions:

  • Implementing Single Sign-On -- please advise
    • The vendor is right. If the application was not originally designed with SSO in mind, the authentication/authorization mechanism has to be redesigned and redeveloped. If your IT only does system administration and not development, asking them to implement this puts them in a difficult spot.
      • IT hired a new person who is currently dedicated to solving this. He did the SSO for Changepoint and for Cognos, but Salesforce's SSO seems to have somewhat different requirements, and he is doing the Salesforce SSO according to his own understanding rather than following the guide Salesforce provides.
        I think he should at least read the implementation guide Salesforce provides carefully; how can you just go by your own imagination?
    • As different applications and resources support different authentication mechanisms
      1. As different applications and resources support different authentication mechanisms, single sign-on has to internally translate to and store different credentials compared to what is used for initial authentication. Therefore the SSO should consider not only the CRM of Salesforce but also other systems.
      2. As SSO provides access to many resources once the user is initially authenticated, it increases the negative impact in case the credentials are available to other persons and misused. Therefore, SSO requires an increased focus on the protection of the user credentials, and should ideally be combined with strong authentication methods, e.g., smart cards.
      3. BTW, there are many CRM systems from different vendors, such as SAP, Microsoft, NetSuite, Infusion, Maximizer, and so on. Salesforce is only one vendor.
      • Thanks. IT seems to use Active Directory for user authentication and has already implemented SSO for Changepoint and Cognos. But now that Salesforce is up, they have found there is a coding problem, and IT doesn't know how to code it. IT also doesn't know what a token is.
        I am a layman, but I think these Salesforce instructions should be quite clear to an expert; IT doesn't understand them now and simply pushes the problem away.

        Also, how does SSO work for two users on the same computer? For example, I have an admin account and a test account, both logging in from one computer; how are they authenticated?

        And for other desktop programs, such as the Excel and Outlook add-ins that log in to Salesforce, how is SSO implemented? Salesforce has instructions for all of this. But IT doesn't read any of it and instead, following their own understanding of SSO, built an LDAP setup; I don't think the approach is even clear.

        Build vs. Buy Considerations:
        – Salesforce.com provides tools and sample code for SSO,
        but some work and quite a bit of technical knowhow is
        involved in building a SSO solution from scratch.
        – A custom SSO solution also requires maintenance.
        – Ping & TriCipher provide out-of-the-box solutions to help
        accelerate implementation and reduce the amount of
        custom code to support.


        NOTE: Username/password credentials are passed to Salesforce.com. No matter
        how secure SFDC may be, many large companies will have issues with this. To get
        around this issue, many companies adopt SSO as depicted in the next slide

        NOTE: This scheme avoids corporate username/password credentials from getting
        passed to SFDC. Only the username and generated token are passed to SFDC.
        • If you are not an expert, you won't be able to turn whatever method you get from asking on Rolia into reality; you will still have to rely on IT. The key is your vendor, and basically it looks like your vendor is getting ready to fleece you.
          • Salesforce doesn't do this; partners provide solutions. I just think the IT people's way of working is a bit odd: there is a ready-made guide they won't read, and they insist on doing it by their own experience or understanding.
            • If you are not an expert, better not to be curious. If this is your responsibility, go and pray to Buddha whenever you have time; it will help. Then demand a progress report every week. If they don't meet the schedule, fire them.
        • Don’t expect an IT person to be able to do anything in IT.
          1. Don’t expect an IT person to be able to do anything in IT. I’m an IT professional. But I know little about networking. I know nothing about Salesforce. Are you sure you know every aspect of your field?

          2. Since Changepoint and Cognos can conduct SSO by LDAP in active directory, why not Salesforce’s CRM. If not, we should say it’s not good product.

          3. If it’s by Active Directory, the accessing account is based on the login account rather than the computer. In my understanding, it’s what you need, isn’t it?
          • Normally when SSO is discussed, it is the issue for systems which are all inside enterprise's Intranet. There is no standard SSO method for systems, of which some may sit outside Intranet, some may sit inside.......???
          • Since Changepoint and Cognos can conduct SSO by LDAP in active directory, why not Salesforce’s CRM. If not, we should say it’s not good product. ?
            Changepoint and Cognos are both in-house applications, but Salesforce CRM is web-based --- SaaS; this is the big difference.
            • It depends. MS’s CRM is also a web based application. It has no trouble to get active directory credentials.
    • Many companies use Vintela.
    • I found this article on using OpenSSO; the steps are very detailed, but it covers federated authentication, and we want to use delegated authentication.
    • I don't get it. Why use this Salesforce for SSO at all? If code has to be written anyway, I could write my own security mechanism in the time it takes to go to the bathroom. In other words, all your existing applications have to be modified (writing "custom code", in the vendor's words) to use Salesforce; see the "sample code for .NET" in the link.
      • If it's for internal use (intranet), there is no need for such a roundabout hassle; just follow your newly hired IT person's approach: Active Directory.
        • What we want now is to implement SSO for Salesforce. The vendor I mentioned earlier is Salesforce. I gave that link to IT, but they couldn't really understand it. What they can do is in-house SSO; even with Active Directory, SSO for SaaS seems to be different.