After installing the UltimateSaml for SAML v2.0 setup package, you will find ten web sample projects in the folder WebFormsC# (C#) and WebFormsVB.NET (VB.NET). By default, UltimateSaml is installed in C:\ComponentPro on Vista, 2008 and above, and in C:\Program files\ComponentPro on XP, 2003 and 2000. This sample demonstrates Single Sign-On (SSO) with Salesforce using the ComponentPro SAML Library. The sample application acts as the Identity Provider while Salesforce is the Service Provider. To run this web sample project, open the solution file Saml2_Salesforce_WebDemo.XXXX.sln for C# or Saml2_Salesforce_WebDemoVB.XXXX.sln for VB.NET, and then select Saml2Salesforce.IdentifyProviderWebDemo.
Configuring the Salesforce Identity Provider Web Application
You can configure the Identity Provider web application by modifying the settings in the <appSettings> section of its web.config file:
- SalesforceUserId: The Salesforce account.
- SalesforceLoginUrl: The Salesforce login URL. No need to change this value.
- ServiceProviderUrl: The target URL of the service provider web application. No need to change this value.
- CertificateIssuer: The certificate issuer name. This value must match the issuer name of the certificate submitted to Salesforce.
- EntityId: Used to create an audience for a SAML response. No need to change this value.
Configuring Salesforce to work with your Identity Provider
To enable and configure single sign-on in Salesforce, follow these steps:
- Log in to Salesforce.
- Click on the Setup link. You should then be redirected to the Personal Setup page.
- Expand Security Controls in the Administration Setup menu, and select Single Sign-On Settings.
- Click on the Edit button.
- Choose SAML 2.0 as the SAML Version.
- Upload the Identity Provider Certificate if needed. If you wish to test the Identity Provider sample app, you will need to upload the certificate file named SP_X509Certificate_ForSalesforce.cer.
- For the SAML User ID Type option, select "Assertion contains User’s salesforce.com username". For the SAML User ID Location, select "User ID is in the NameIdentifier element of the Subject statement".
- Fill in the Identity Provider Certificate Name.
- Click on the Save button.
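The CertificateIssuer setting and the certificate uploaded to Salesforce have to agree. The following check is an added example, not part of the ComponentPro sample: it reads CertificateIssuer from a web.config and compares it with the certificate's issuer, and also flags a certificate outside its validity period. The function name and the sample inputs are constructed for illustration, and it assumes CertificateIssuer holds either the full issuer DN or only the issuer CN.

```powershell
# Added example, not ComponentPro sample code. Assumption: CertificateIssuer
# holds either the certificate's full issuer DN or only its issuer CN.
function Test-IdpCertificateSetting {
    param(
        [Parameter(Mandatory)][xml]$WebConfig,
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $node = $WebConfig.SelectSingleNode(
        "/configuration/appSettings/add[@key='CertificateIssuer']")
    if ($null -eq $node) { throw 'CertificateIssuer is missing from <appSettings>.' }
    $configured = $node.GetAttribute('value').Trim()

    # GetNameInfo(..., $true) reads the issuer name rather than the subject.
    $simple   = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $issuerCn = $Certificate.GetNameInfo($simple, $true)
    $now      = Get-Date

    $problems = @()
    if ($configured -ne $Certificate.Issuer -and $configured -ne $issuerCn) {
        $problems += "CertificateIssuer '$configured' does not match '$($Certificate.Issuer)'"
    }
    if ($now -lt $Certificate.NotBefore) { $problems += "Not valid until $($Certificate.NotBefore)" }
    if ($now -gt $Certificate.NotAfter)  { $problems += "Expired on $($Certificate.NotAfter)" }

    [pscustomobject]@{
        Configured = $configured
        Issuer     = $Certificate.Issuer
        Problems   = $problems
        Ok         = ($problems.Count -eq 0)
    }
}

# Constructed input so the check runs offline: a throwaway self-signed
# certificate and a minimal web.config. For the real check, pass
# [xml](Get-Content .\web.config -Raw) and an X509Certificate2 loaded from
# the .cer file you upload to Salesforce.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=Constructed Test IdP', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))
$config = [xml]@'
<configuration><appSettings>
  <add key="CertificateIssuer" value="CN=Constructed Test IdP" />
</appSettings></configuration>
'@
Test-IdpCertificateSetting -WebConfig $config -Certificate $cert
```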
Testing the Identity Provider Web Application using UltimateSaml Library
This sample is configured to run at port 33181 (you can change the port number in the project property page). The ComponentPro identity provider web application, in conjunction with Salesforce, demonstrates IdP-initiated single sign-on. First, log in to the local system with the user name salesforce and the password password:
- Click on the Login button.
- Click on the link “here”. You should then be presented with the Salesforce Account page.
You have successfully completed a SAML 2.0 Single Sign-On and are logged in at the Service Provider with your Salesforce user name.
If you need to set up Google SSO, see the topic Setting up Google SSO to work with Ultimate SAML.