Does Azure ACS support saml 2.0 IdPs like Salesforce? - McMap

About

Does Azure ACS support saml 2.0 IdPs like Salesforce?

Asked 10/1, 2012 at 22:42 Answered 11/1, 2012 at 8:40

azure salesforce single-sign-on acs saml-2.0

S

1

7

I have no Access Control Service (ACS) installed, but I've seen on some online video demo that Salesforce is not in the list of available pre-installed identity providers. Salesforce can be configured as IdP (standard SAML 2.0 is used). Can I setup ACS so that I can use Salesforce as identity provider? Thanks

Spoils answered 10/1, 2012 at 22:42 Comment(0)

L

3

I haven't personally used a SAML 2.0 token provider, but it's official description says that ACS supports SAML 2.0 tokens. A list of supported protocols are OAuth 2.0, WS-Trust, and WS-Federation (as by official statement).

Also, there is no currently automated (with user interface) way to add identity providers that are out of predefined in the ACS. You can however use the ACS cmdLets to manually add IPs that have a supported protocol. Here is a Vittorio's blog that shows how to add an openID provider.

If you can configure the SalesFores as IdP with the use of SAML 2.0 tokens, you just to identify the protocol - is it OAuth, is it WS-Trust of WS-Federation, and execute a PowerShell command which would look something like this:

PS:\>Add-IdentityProvider –Namespace "myacsnamespace" –ManagementKey "XXXXXXXX" -Type "Manual" -Name "SalesForce" -Protocol OAuth –SignInAddress "http://www.your_salesforce_site.com/sign-in-url"

The list of supported protocols for this command is: WsFederation, OAuth, OpenId, WsTrust. So the SalesForce IdP configuration must use some of those protocols with SAML 2.0 tokens and it must work. I think it's the OAuth as by this wiki.

Hope this helps!

Lithotrity answered 11/1, 2012 at 8:40 Comment(9)

Note that, in general, all these protocols have different purposes. They are not interchangeable. e.g.: WS-Trust is for SOAP web services, WS-Federation is for Web sites. Even if they reuse the token format. – Fasano 11/1, 2012 at 16:45

I'm confused. As I know SAML 2.0 standard is not only about token format, it's a protocol too, it describes communication rules the same way WS-Federation, OAuth and OpenId do, so that it's self-sufficient. I think Salesforce as IdP uses SAML 2.0 only, at least there is nothing about this protocols on Salesforce.com: login.salesforce.com/help/doc/en/identity_provider_about.htm. It just says it supports SAML 2.0. Does it mean I can not use Salesforce in ACS? – Spoils 12/1, 2012 at 0:3

I really want to see the input from someone from Microsoft's Identity team here. @YMC, did you check this wiki: wiki.developerforce.com/page/… which describes that they are layering SAML AND OAuth, which might be the oslution for ACS. – Lithotrity 12/1, 2012 at 10:9

I've took a look at it, it's interesting article, but it does not guarantee me I can reach the desirable result spending couple of days or so on exploring ACS features. I hoped there was a straightforward way to add any arbitrary saml 2.0 IdP in ACS, looks like there is not. Ok, anyway it is a result and helpful to know. Thanks for info, +1 – Spoils 12/1, 2012 at 19:15

@Spoils did you ever get this working? I have to integrate a SAML2.0 IdP with ACS as well and looking to find a way. In my case, it's an OpenAM IdP. – Farley 19/10, 2012 at 11:2

I tried this, not through the cmdlets but through the ManagementServiceWrapper classes defined in the code accompanying this guide from Microsoft msdn.microsoft.com/en-us/library/ff423674.aspx. I got the error message ' The value specified for the field 'IdentityProvider_ProtocolType' is not valid.' for OAuth. Seems like you can only really use ACS with ADFS or Facebook etc for the IdP and bespoke applications for the RPs. – Contrapositive 30/1, 2013 at 15:17

For all the down voters: If you think anything is wrong, you can post a new answer or a comment! And pay attention the time and date the question has been answered! – Lithotrity 23/5, 2013 at 18:53

Its 2016... and i still have the same question... Did someone tried and was successful? – Arabele 13/6, 2016 at 18:22

@Wali, as you noted, its 2016 and thus ACS is on "stand by", there is Azure AD, which has direct and full integration with SalesForce and more than 2000 other cloud SaaS applications. On the other hand there is Azure AD B2C Preview, which handles the roles ACS was playing. For both the services you can your favorite search engine to find out more. – Lithotrity 15/6, 2016 at 5:42

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.