SAML 2.0 SSO Configuration

Login as Administrator

Setup (under your username) -> Security Controls (Left Nav under Administrative Setup) -> Single Sign-on Settings

Click the edit button, then check the SAML enabled box.

There are three instances of Shibboleth at Yale (production, test, and development). Changes to production take time to schedule, while test can be updated in an hour and development can be updated in minutes. To avoid delay, you may want to configure a new application to use test Shibboleth (on auth-test.yale.edu) right now and reconfigure it to use production Shibboleth after there has been time to refresh the production instance. If your application also has development and test instances you might configure them to use dev and test Shibboleth. However, if you just want to configure once and you have only one Salesforce instance, then use production (auth.yale.edu) and be prepared to wait until the next change management cycle updates production Shibboleth.

Enter the following information (but change "auth" to "auth-test" or "auth-dev" if linking a test or development application to Shibboleth's test or development instance):

Option | Value
--- | ---
SAML Version | 2.0
Identity Provider Certificate | Download it from auth.yale.edu [production], auth-test.yale.edu [test], or auth-dev.yale.edu [development]
Identity Provider Login URL | https://auth.yale.edu/idp/profile/SAML2/POST/SSO
Custom Error URL | leave empty
SAML User ID Type | Assertion contains the Federation ID from the User object
SAML User ID Location | User ID is in the NameIdentifier element of the Subject statement
Entity Id | https://saml.salesforce.com
Issuer | https://auth.yale.edu/idp/shibboleth
Identity Provider Logout URL | leave blank

It should look like this:

SAVE!
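To avoid transcription errors (and to catch pasting the test IdP's certificate or URL into a production configuration), the Issuer, Login URL and signing certificate can be pulled straight from the IdP's SAML metadata rather than copied by hand. The script below is an added example, not part of this page or of Salesforce; it assumes the Shibboleth IdP publishes standard SAML 2.0 metadata (the entityID URL https://auth.yale.edu/idp/shibboleth is where Shibboleth IdPs commonly serve it, but that is an assumption), and the metadata it parses is a constructed sample with a placeholder certificate.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample of Shibboleth IdP metadata; the certificate body is a placeholder.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://auth.yale.edu/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...PLACEHOLDER-NOT-A-REAL-CERT...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://auth.yale.edu/idp/profile/SAML2/Redirect/SSO"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://auth.yale.edu/idp/profile/SAML2/POST/SSO"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def salesforce_settings(metadata_xml, env="auth"):
    """Return the Issuer, Login URL and signing certificate to enter in Salesforce.
    env is the Shibboleth host prefix from this page: "auth", "auth-test" or "auth-dev".
    Metadata for a different environment raises instead of returning its values."""
    root = ET.fromstring(metadata_xml)
    issuer = root.get("entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    # The page's "Identity Provider Login URL" is the HTTP-POST SSO endpoint only.
    post = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
            if s.get("Binding") == POST_BINDING]
    # A KeyDescriptor with no 'use' attribute is valid for both signing and encryption.
    certs = [c.text.strip() for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use", "signing") == "signing"
             for c in k.iter("{%s}X509Certificate" % NS["ds"])]
    if len(post) != 1 or not certs:
        raise ValueError("need exactly one HTTP-POST SSO endpoint and a signing certificate")
    expected = "https://%s.yale.edu/" % env
    if not (issuer.startswith(expected) and post[0].startswith(expected)):
        raise ValueError("metadata is for a different environment than %r: %s" % (env, issuer))
    return {"Issuer": issuer,
            "Identity Provider Login URL": post[0],
            "Identity Provider Certificate": certs[0]}
```

Feed it the real metadata document and the matching environment name; the returned dictionary holds exactly the three values from the table above.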

Please email your entire "Salesforce.com Login URL" to idp.yale@panlists.yale.edu; ITS needs this URL to add to the IdP before SSO will work. Pushing it to the production IdP takes a short amount of time, so please request this a few days before the site's go-live date.

That's it... almost. See the separate page on how to manage access to the site for selected NetIDs.