Forum Discussion
NimbostratusReusing SAML assertion
I am implementing single sign on with multiple SPs. Here is my basic understanding:
1) Browser(User) requests resource from Service Provider (SP).
2) SP Redirects (with SAML Request) to Identity Provider (IdP - f5 APM).
3) Since it is first login, User gives the (IdP) his/her valid credentials.
4) IdP then redirects Browser (with SAML Response which includes SAML token) to the SP page.
Now let's say I have Service Provider A and Service Provider B. A user has completed the step about for Service Provider A. From service provider A (salesforce.com in my scenario), I have written a server-side method which instantiates a callout to an endpoint on Service Provider B (Sharepoint API). Is it possible to re-use the SAML assertion in this case? I.e. will service provider B trust the backend method?
6 Replies
Michael_Koyfma1Cirrus
What do you mean by the back-end method? Is the request/callout initiated from Salesforce.com to SP B? I really would like to see a more detailed description of the flow and the use case here. Thanks!
tharrington_184Yes, the request is initiated from the Salesforce.com server to SP B.- Michael_Koyfma1Unfortunately, it does not look like it will be possible to achieve this.
Michael_KoyfmanCirrocumulus
What do you mean by the back-end method? Is the request/callout initiated from Salesforce.com to SP B? I really would like to see a more detailed description of the flow and the use case here. Thanks!
- tharrington_184Yes, the request is initiated from the Salesforce.com server to SP B.
- Michael_KoyfmanUnfortunately, it does not look like it will be possible to achieve this.
