Authenticating external application using Service Cloud as the identity provider (5 Comments)

Topic by Roger Beggs

Content

I am trying to authenticate using single sign-on by sending this SAML request to Service Cloud:

POST /cgi-bin/rnowgse00137.cfg/php/sso/saml2/idp/post/login.php HTTP/1.1
Host: {sc-host}
Origin: {app-host}
Content-Type: application/x-www-form-urlencoded
Content-Length: nnn

SAMLRequest={saml}&RelayState=some_token

where {saml} is a base64 encoding of this request:

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_8dcc6985f6d9f385f0bbd4562ef848ef3ae78d87d7" Version="2.0"
  IssueInstant="2018-03-10T15:26:20Z"
  AssertionConsumerServiceURL="https://{app-host}/assertion"
  ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
  Destination="http://{sc-host}/cgi-bin/rnowgse00137.cfg/php/sso/saml2/idp/post/login.php">
  <saml:Issuer>{app-host}</saml:Issuer>
</samlp:AuthnRequest>

But it always returns an HTTP 400 (Bad Request) error with no other information.
Is there something wrong with this request, and how do I know what it is?  Are there any logs that a user can access?

I have validated the request with a third-party tool and tried various other sample requests that I found on the Internet.  Are there any examples of a request that Service Cloud considers valid?

Does it have to have a certificate?  If so, is there a way I can turn this off for initial testing?

Any help much appreciated.

Version

Service Cloud August 2017
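
A local pre-flight check for the request described in the post, as an added example that is not part of the original post and not Oracle's code: it builds the `SAMLRequest` form body for the HTTP-POST binding and lints the decoded message against general SAML 2.0 rules. Host names, the ID value and the function names are constructed; what Service Cloud itself requires is not stated on the page.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample modelled on the post's request; hosts, ID and helper names are assumptions.
SAMPLE = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
    'ID="_constructed-example-id" Version="2.0" IssueInstant="2018-03-10T15:26:20Z" '
    'AssertionConsumerServiceURL="https://app.example/assertion" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
    'Destination="http://sc.example/sso/saml2/idp/post/login.php">'
    '<saml:Issuer>app.example</saml:Issuer></samlp:AuthnRequest>'
)

def build_post_body(xml_text, relay_state):
    """HTTP-POST binding: plain base64 (no DEFLATE), then form-urlencode."""
    b64 = base64.b64encode(xml_text.encode("utf-8")).decode("ascii")
    return urlencode({"SAMLRequest": b64, "RelayState": relay_state})

def lint_post_body(body):
    """Decode a form body the way a receiver would and list what looks wrong."""
    findings = []
    raw = parse_qs(body).get("SAMLRequest", [""])[0]
    if " " in raw:  # an unescaped '+' in the body is decoded as a space
        findings.append("'+' in the base64 was not percent-encoded")
    try:
        root = ET.fromstring(base64.b64decode(raw, validate=True))
    except (ValueError, ET.ParseError) as exc:
        return findings + [f"not base64 of well-formed XML: {exc}"]
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        findings.append("root element is not samlp:AuthnRequest")
    for attr in ("ID", "Version", "IssueInstant"):
        if not root.get(attr):
            findings.append(f"required attribute {attr} is missing")
    if root.get("Version", "2.0") != "2.0":
        findings.append("Version is not 2.0")
    first = root.get("ID", "_")[:1]
    if not (first.isalpha() or first == "_"):
        findings.append("ID does not start with a letter or underscore (xs:ID)")
    if root.find(f"{{{SAML}}}Issuer") is None:
        findings.append("no saml:Issuer element")
    for attr in ("Destination", "AssertionConsumerServiceURL"):
        url = root.get(attr)
        if url and urlsplit(url).scheme != "https":
            findings.append(f"{attr} is not an https URL")
    return findings
```

Running `lint_post_body(build_post_body(SAMPLE, "some_token"))` reports only the `http://` Destination; whether that or anything else explains the HTTP 400 cannot be determined from the page.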
