WSO2Con USA 2015: Single Sign-on Solutions for Salesforce with WSO2 Identity Server

Salesforce Single Sign-on with WSO2.
Benoy Jose, Salesforce Practice Head, Marlabs Inc.

Agenda
Courtesy: wso2.com
• Introduction
• Business Challenge
• Technical Challenge
• Design
• Solution options
• Summary

Introduction
• Why do we need SSO?
  – Improve productivity and reduce support costs
  – Enhance security and compliance
  – Improve customer experience
• SSO Intro
  – IDP initiated SSO
  – SP initiated SSO

[Diagram: Identity Provider, Service Provider, Identity Store, Service Provider]

Business Challenge
• Enable Single Sign-on into Salesforce for employees using ADFS.
• Enable Single Sign-on into the Salesforce customer Portal through the existing authentication process.
• Employees need the ability to log into the portal with their ADFS ID.

[Diagram: Salesforce Portal, Custom Identity Store, Salesforce, Windows ADFS, Partner Employee]

Technical Challenge
• Use a single SSO system to solve the business use cases.
• Retain the business portal's existing authentication system for the Salesforce Customer portal.
• Design an SSO solution that is scalable to support mobile apps through OAuth.

Design
• Design for a consolidated SSO framework for both requirements.
• Custom routing to delegate the authentication to ADFS and the Custom data store.
• Just-in-time provisioning.

[Diagram: Salesforce Portal, Custom Identity Store, Salesforce, Windows ADFS, Partner Employee]

Process Flow
• The SSO request received from the Service Provider is sent to the Authentication Framework.
• Based on the Service Provider config, the authenticator determines the Local Authenticator that will handle the request.
• Access requests for Salesforce are handled by the AD handler.
• Access requests for the Salesforce Customer service portal are handled by the CustomUserStoreManager.

Authentication
Courtesy: wso2.com

Solution Options
Courtesy: wso2.com
• Separate SSO solutions for Employee SSO and Salesforce portal SSO.
  – SSO with OpenSSO, Shibboleth for portal.
  – Delegated Authentication through AD connector.
• Difficulty customizing the Shibboleth SSO solution.
• Ability to handle just-in-time provisioning.

Summary
• According to Gartner, by 2016 80% of enterprises will need SSO.
• Planning for a comprehensive SSO strategy as early as possible will save development and support costs.
• Plan for scalability by using proven standards like SAML and OAuth.

Additional Reading
• SAML Introduction:
  – http://wso2.com/library/articles/2014/02/introduction-to-security-assertion-markup-language-2.0/

Thank You