Deepak Mule

Reputation: 437

How to retrieve SAML Response from OpenAM for SalesForce

I got a SAML assertion from the TrustAuthorityClient API with the public API code below:

securityToken = client.getSecurityToken("default", endpointURL, mexEndpointURL,
         (java.lang.Object)ssoToken, SecurityMechanism.STS_SECURITY_URI,
           (getServletConfig()).getServletContext());

But this is created with SunSTS. When I test this Assertion to retrieve an access token from SalesForce, it gives me an invalid Assertion error.

Is there any way to retrieve the SAML response from OpenAM for SalesForce?

When I test IdP-initiated SSO with SalesForce, I can see in the debug log that a SAML Response is created for SSO. How should I retrieve this SAML response from OpenAM?

Upvotes: 1

Views: 1629

Answers (1)

Scott T.

Reputation: 6282

You may need to grab the SAML Response via JavaScript at the front end. The full response will be in a SAMLResponse object after SSO, so your Assertion Consumer Service URL (SP SSO URL) that would receive this would need to check for that parameter, save it and somehow submit it to SFDC for OAuth token exchange. Alternatively, take the Assertion from SunSTS and make your SAMLP Response wrapper yourself.

I believe this is due to SFDC implementing an earlier draft of the SAML 2.0 Bearer Assertion Profiles for OAuth 2.0 (see: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-saml2-bearer-10).

The latest draft of that spec does not require the Response wrapper - likely just the Assertion itself from SunSTS will work, provided SFDC updates to support it.

Upvotes: 1
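The second option in the answer above (wrapping the STS assertion in a SAMLP Response yourself), sketched as an added example that is not code from the answer or from OpenAM. The class name `SamlResponseWrapper` and the sample assertion are constructed; the minimal set of Response attributes and the unpadded base64url output are assumptions, since the page does not say what SFDC validates.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SamlResponseWrapper {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    /** Wraps an Assertion in a minimal samlp:Response, returned base64url-encoded. */
    static String wrap(String assertionXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so the input cannot trigger external entity resolution.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element assertion = f.newDocumentBuilder()
                .parse(new InputSource(new StringReader(assertionXml))).getDocumentElement();
        if (!SAML.equals(assertion.getNamespaceURI()) || !"Assertion".equals(assertion.getLocalName()))
            throw new IllegalArgumentException("not a SAML 2.0 Assertion");
        Document doc = f.newDocumentBuilder().newDocument();
        Element resp = doc.createElementNS(SAMLP, "samlp:Response");
        resp.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:samlp", SAMLP);
        resp.setAttribute("ID", "_" + UUID.randomUUID());
        resp.setAttribute("Version", "2.0");
        resp.setAttribute("IssueInstant", Instant.now().toString());
        Element status = doc.createElementNS(SAMLP, "samlp:Status");
        Element code = doc.createElementNS(SAMLP, "samlp:StatusCode");
        code.setAttribute("Value", "urn:oasis:names:tc:SAML:2.0:status:Success");
        status.appendChild(code);
        resp.appendChild(status);
        resp.appendChild(doc.importNode(assertion, true)); // deep copy keeps any ds:Signature child
        doc.appendChild(resp);
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(out.toString().getBytes(StandardCharsets.UTF_8));
    }
    public static void main(String[] args) throws Exception {
        // Constructed, unsigned sample; a real assertion would come from the STS call.
        String sample = "<saml:Assertion xmlns:saml=\"" + SAML + "\" ID=\"_a1\" Version=\"2.0\"/>";
        System.out.println(wrap(sample));
    }
}
```

If the assertion was signed with inclusive canonicalization, the `samlp` namespace declaration on the new parent element enters its canonical form and the signature will no longer verify, so check the signature on the wrapped output before relying on it.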
