Question:
I have no Access Control Service (ACS) installed, but I've seen in an online video demo that Salesforce is not in the list of available pre-installed identity providers. Salesforce can be configured as an IdP (standard SAML 2.0 is used). Can I set up ACS so that I can use Salesforce as an identity provider? Thanks
Answer 1:
I haven't personally used a SAML 2.0 token provider, but its official description says that ACS supports SAML 2.0 tokens. The list of supported protocols is OAuth 2.0, WS-Trust, and WS-Federation (as per the official statement).
Also, there is currently no automated (user-interface) way to add identity providers outside of the ones predefined in ACS. You can, however, use the ACS cmdlets to manually add IPs that use a supported protocol. Here is Vittorio's blog post that shows how to add an OpenID provider.
If you can configure SalesForce as an IdP with the use of SAML 2.0 tokens, you just need to identify the protocol (is it OAuth, WS-Trust or WS-Federation?) and execute a PowerShell command which would look something like this:
PS:\>Add-IdentityProvider -Namespace "myacsnamespace" -ManagementKey "XXXXXXXX" -Type "Manual" -Name "SalesForce" -Protocol OAuth -SignInAddress "http://www.your_salesforce_site.com/sign-in-url"
The list of supported protocols for this command is: WsFederation, OAuth, OpenId, WsTrust. So the SalesForce IdP configuration must use one of those protocols with SAML 2.0 tokens, and it must work. I think it's OAuth, as per this wiki.
Hope this helps!
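Whichever protocol you end up registering the IdP under, the values the manual Add-IdentityProvider command needs (the sign-in URL and the certificate ACS must trust to verify the SAML 2.0 tokens) come from the IdP's SAML 2.0 metadata, which Salesforce lets you download once it is configured as an identity provider. The following script is an added example, not code from the question, the answer or ACS: it parses standard SAML 2.0 metadata (the OASIS EntityDescriptor/IDPSSODescriptor format) and pulls out the entityID, the HTTP-POST or HTTP-Redirect SingleSignOnService location and the signing certificates, refusing metadata that describes a service provider rather than an IdP, that does not advertise SAML 2.0, or that points at a non-HTTPS sign-in endpoint. The metadata document, the hostname example-dev-ed.my.salesforce.com and the certificate value in it are constructed for the example; the certificate is a placeholder string, not a real X.509 certificate.

```python
import xml.etree.ElementTree as ET

# Namespaces from the SAML 2.0 metadata and XML Signature specifications.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
BINDING_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed IdP metadata in the shape a SAML 2.0 IdP exports. The hostname
# and the certificate text are placeholders invented for this example.
CONSTRUCTED_IDP_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://example-dev-ed.my.salesforce.com">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIBplaceholderSigningCertificateBase64==</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-dev-ed.my.salesforce.com/idp/endpoint/HttpPost"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-dev-ed.my.salesforce.com/idp/endpoint/HttpRedirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed metadata for a service provider (no IDPSSODescriptor): a common
# mistake is to feed the SP metadata to the IdP-registration step.
CONSTRUCTED_SP_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>
"""


class MetadataError(ValueError):
    """Raised when the metadata cannot be used to register an IdP."""


def parse_idp_metadata(xml_text):
    """Return the entityID, sign-in URL, signing certs and NameID formats of a SAML 2.0 IdP."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise MetadataError("root element is not md:EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise MetadataError("EntityDescriptor has no entityID")

    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise MetadataError("no IDPSSODescriptor: this metadata does not describe an IdP")
    if SAML2_PROTOCOL not in idp.get("protocolSupportEnumeration", "").split():
        raise MetadataError("IdP does not advertise SAML 2.0 protocol support")

    # Collect sign-in endpoints by binding; reject plain-HTTP endpoints, since the
    # browser would post the signed token over an unprotected channel.
    sso = {}
    for el in idp.findall("md:SingleSignOnService", NS):
        binding, location = el.get("Binding"), el.get("Location")
        if not (binding and location):
            continue
        if not location.lower().startswith("https://"):
            raise MetadataError("sign-in endpoint is not HTTPS: " + location)
        sso[binding] = location
    sign_in_url = sso.get(BINDING_POST) or sso.get(BINDING_REDIRECT)
    if sign_in_url is None:
        raise MetadataError("no HTTP-POST or HTTP-Redirect SingleSignOnService")

    # Per the metadata spec a KeyDescriptor without "use" serves both purposes;
    # a key marked encryption-only must never be trusted for signature checks.
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):
            continue
        for c in kd.findall(".//ds:X509Certificate", NS):
            certs.append("".join((c.text or "").split()))
    if not certs:
        raise MetadataError("no signing certificate: tokens could not be verified")

    name_id_formats = [e.text.strip() for e in idp.findall("md:NameIDFormat", NS) if e.text]
    return {
        "entity_id": entity_id,
        "sign_in_url": sign_in_url,
        "sign_in_binding": BINDING_POST if BINDING_POST in sso else BINDING_REDIRECT,
        "signing_certs": certs,
        "name_id_formats": name_id_formats,
    }


def is_idp_metadata(xml_text):
    """True if the metadata can be used to register an IdP, False otherwise."""
    try:
        parse_idp_metadata(xml_text)
        return True
    except (MetadataError, ET.ParseError):
        return False


if __name__ == "__main__":
    info = parse_idp_metadata(CONSTRUCTED_IDP_METADATA)
    print("entityID:      ", info["entity_id"])
    print("sign-in URL:   ", info["sign_in_url"])
    print("signing certs: ", len(info["signing_certs"]))
    print("SP metadata accepted as IdP:", is_idp_metadata(CONSTRUCTED_SP_METADATA))
```

The sign_in_url is the value that would go into the sign-in address of the manual registration, and the signing certificate is what ACS has to hold in order to check the signature on the SAML 2.0 tokens the IdP issues; registering an IdP from an address taken out of a chat message or an unverified download, rather than from metadata fetched over TLS from the IdP itself, means trusting whoever controls that address to mint tokens for your namespace.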