Problem description
I am trying to connect to Salesforce from my Java web application. I want my application to act as an IdP and Salesforce as SP. However, I need help to send an assertion to Salesforce. Please help!!
Recommended answer
Question 1: I want my application to act as an IdP and Salesforce as SP.
Answer:
(I) You should implement a SAML IdP with your Java web application.
(II) For quick deployment of SAML IdP on your production environment, leveraging third-party SAML IdP (such as Shibboleth IdP) is highly recommended. Then you have sufficient time to develop your own SAML IdP for your Java web application.
We developed our former version of Zero-Password Authentication and Authorization System in Java and leveraged Shibboleth IdP to provide SAML SSO for enterprise applications.
We developed our current version of Zero-Password Authentication and Authorization System in Scala, with scalability and high availability, to provide SAML SSO natively for enterprise applications without Shibboleth IdP.
(III) The GitHub repository "How to build and run Shibboleth SAML IdP and SP using Docker container" provides the instructions on building your own IdP for SAML in Java using Shibboleth SAML IdP and OpenLDAP.
Shibboleth SAML IdP is responsible for identity federation.
OpenLDAP is responsible for identity authentication.
(IV) I have validated SAML Single Sign-On (SSO) provided by Docker-running Shibboleth SAML IdP (Identity Provider) and OpenLDAP for the following enterprise applications. In other words, I leveraged Docker-running Shibboleth SAML IdP and OpenLDAP to log in to the following enterprise applications successfully.
Microsoft Office 365
Google G Suite
Salesforce
Dropbox
Box
Amazon AWS
OpenStack
Citrix NetScaler
VMware vCloud Director
Oracle NetSuite
(V) For your convenience, I have made the 8th commit to upload the Salesforce SP metadata and the corresponding SAML configuration to "How to build and run Shibboleth SAML IdP and SP using Docker container".
Note that I have logged in to the Salesforce organization "example.com" account (https://example.my.salesforce.com) with username "[email protected]" successfully using Shibboleth IdP running in a Docker container.
By performing the following Shibboleth SAML IdP configuration procedure, you can log in to your Salesforce organization "your-company.com" account (https://your-company.my.salesforce.com) with your username (such as "[email protected]").
(V.a) Download the source code of building and running Shibboleth SAML IdP from GitHub repository.
$ git clone https://github.com/winstonhong/Shibboleth-SAML-IdP-and-SP
(V.b) Replace "shibboleth-idp-dockerized/ext-conf/metadata/sp-salesforce-com.metata" with the Salesforce SP metadata downloaded from your Salesforce organization account.
(V.c) Edit "shibboleth-idp-dockerized/ext-conf/conf/relying-party.xml" to replace the SAML SP entityID "https://example.my.salesforce.com" with "https://your-company.my.salesforce.com".
(V.d) Edit "LDAP-Dockerized-CentOS/users.ldif" to replace user info "[email protected]" with your user info "[email protected]".
(V.e) Follow the instruction provided by README (https://github.com/winstonhong/Shibboleth-SAML-IdP-and-SP/blob/master/README.md) to build and run Shibboleth IdP, OpenLDAP and Shibboleth SP.
Validate that you can log in to Shibboleth SP application through Shibboleth IdP.
(V.f) Use the public certificate template "shibboleth-idp-dockerized/ext-conf/credentials/idp-signing.crt" and the 2nd signing certificate of "shibboleth-idp-dockerized/ext-conf/metadata/idp-metadata.xml" to create the assertion signing public certificate of Shibboleth IdP. Then you need to upload the signing certificate of Shibboleth IdP to your Salesforce organization account.
(V.g) Follow the instructions in "Set Up Salesforce Single Sign-On for Your Internal Users" to complete the SAML SP configuration with your Salesforce organization account. Note that you should select "Assertion contains the User's Salesforce username" for SAML Identity Type.
(V.h) Now you can log in to your Salesforce organization account as SP through Shibboleth IdP.
It is easy to configure Shibboleth IdP to use the same data store/repository (such as OpenLDAP or MySQL) as your Java web application. Then your Java web application acts as a SAML IdP without any development task required.
(VI) Another StackOverflow question "Setting up a new Shibboleth IdP to work with an existing SAML SP" provides valuable information and discussions on Shibboleth SAML configuration.
Question 2: However, I need help to send an assertion to Salesforce.
Answer:
Following the instructions provided by the answer to Question 1, your Java web application can leverage the Java-based Shibboleth SAML IdP to send assertions to Salesforce.
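The answer delegates the assertion itself to Shibboleth. As an added illustration (not code from the answer, from Shibboleth or from Salesforce), the following Java method shows what that IdP issues for steps V.c, V.f and V.g: a SAML 2.0 Assertion whose Audience is the SP entityID from relying-party.xml, whose NameID is the Salesforce username, and which is signed with the key behind idp-signing.crt, using only JDK XML-DSig APIs. The class name, the method name and the KeyPair parameter standing in for the IdP's real signing key and certificate are assumptions.

```java
import java.security.KeyPair;
import java.time.Instant;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
public class SalesforceAssertion {   // hypothetical helper class, not Shibboleth or Salesforce code
    // kp: key behind idp-signing.crt (V.f); spEntityId: SP entityID from relying-party.xml (V.c);
    // username: the Salesforce username carried as NameID (V.g). Names here are assumptions.
    static Element build(KeyPair kp, String idpEntityId, String spEntityId, String username) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element assertion = el(doc, doc, "Assertion");
        // Explicit xmlns declaration so canonicalization and later serialization agree on the namespace.
        assertion.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:saml2", "urn:oasis:names:tc:SAML:2.0:assertion");
        String id = "_" + UUID.randomUUID();
        assertion.setAttribute("ID", id);
        assertion.setAttribute("Version", "2.0");
        assertion.setAttribute("IssueInstant", Instant.now().toString());
        assertion.setIdAttribute("ID", true);             // lets the signature Reference "#id" resolve
        el(doc, assertion, "Issuer").setTextContent(idpEntityId);
        Element subject = el(doc, assertion, "Subject");
        Element nameId = el(doc, subject, "NameID");
        nameId.setAttribute("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
        nameId.setTextContent(username);                  // Salesforce matches this against the username
        Element cond = el(doc, assertion, "Conditions");
        cond.setAttribute("NotOnOrAfter", Instant.now().plusSeconds(300).toString());   // short validity window
        el(doc, el(doc, cond, "AudienceRestriction"), "Audience").setTextContent(spEntityId);
        // Enveloped XML-DSig (RSA-SHA256, exclusive C14N) over the Assertion, inserted after <Issuer>.
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        List<Transform> tx = Arrays.asList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
            fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null));
        Reference ref = fac.newReference("#" + id, fac.newDigestMethod(DigestMethod.SHA256, null), tx, null, null);
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        KeyInfoFactory kif = fac.getKeyInfoFactory();     // a deployed IdP puts its X.509 certificate here
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kif.newKeyValue(kp.getPublic())));
        fac.newXMLSignature(si, ki).sign(new DOMSignContext(kp.getPrivate(), assertion, subject));
        return assertion;
    }
    static Element el(Document doc, Node parent, String name) {   // appends a child in the saml2 namespace
        Element e = doc.createElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "saml2:" + name);
        return (Element) parent.appendChild(e);
    }
}
```

A deployed IdP wraps this Assertion in a SAML Response posted to the Salesforce ACS URL and carries its X.509 certificate in KeyInfo, so Salesforce can match the signature against the certificate uploaded in step V.f.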