0
votes

So I've added a connected APP to SalesForce. The connected app links to an external web application.

When a user clicks on connected app via App Launcher or top right corner drop down, this is what I would like to happen:
1. SalesForce forwards the session SAML Token or SAML Request to the external application's SAML endpoint / Identity Provider
2. The external web application's SAML endpoint / Identity Provider authenticates the SAML Token or request
3. The external application receives the SAML Assertion and validates it, then logs the user into the external application.

Is this possible?

Alternatively, maybe it's possible for this workflow to work if SalesForce is used as the Identity Provider in Step 2?

Thanks

2 Answers

0
votes

If SalesForce is used as the SAMLv2 IdP (Identity Provider - issuing party) then this is possible. Your app will act as the SAMLv2 SP (Service Provider - relying party). Authentication always happens at the IdP in Web SSO. Only if account linking is performed (when you have different identity silos) does authentication happen on both entities; otherwise the identities cannot be linked.
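For the SP side of the flow this answer describes (Salesforce as IdP issuing the assertion, the external app as SP consuming it), here is an added example of the relying-party checks the SP must perform on a received assertion; it is not code from the question, the answers or Salesforce. It assumes the XML signature has already been verified with an XML-DSig library against the IdP certificate, and the issuer, audience and ACS URL values are constructed placeholders.

```python
# Added example: SP-side checks on a SAML 2.0 assertion issued by an IdP such as Salesforce.
# Assumes the XML signature was ALREADY verified with an XML-DSig library (e.g. signxml)
# against the IdP's certificate; these are the checks a relying party must still make.
from datetime import datetime, timedelta
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not a real Salesforce response); signature element omitted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 ID="_c1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
 <saml:Issuer>https://example-org.my.salesforce.com</saml:Issuer>
 <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml:SubjectConfirmationData Recipient="https://app.example.com/saml/acs"
    NotOnOrAfter="2024-01-01T12:05:00Z"/></saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
  <saml:AudienceRestriction><saml:Audience>https://app.example.com</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions></saml:Assertion>"""

def saml_time(s):  # SAML timestamps are UTC ISO 8601 ending in 'Z'
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def validate_assertion(xml_text, issuer, audience, recipient, now, skew=timedelta(seconds=60)):
    """Return (ok, reason, name_id); every check fails closed."""
    root = ET.fromstring(xml_text)
    a = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    if a is None:
        return False, "no Assertion element", None
    if a.findtext("saml:Issuer", namespaces=NS) != issuer:  # only trust the configured IdP
        return False, "unexpected issuer", None
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions", None
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and now + skew < saml_time(nb):
        return False, "not yet valid", None
    if noa and now - skew >= saml_time(noa):
        return False, "expired", None
    if audience not in [x.text for x in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        return False, "audience mismatch", None  # assertion was minted for another SP
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != recipient:
        return False, "recipient mismatch", None  # must be this SP's own ACS URL
    if scd.get("NotOnOrAfter") and now - skew >= saml_time(scd.get("NotOnOrAfter")):
        return False, "subject confirmation expired", None
    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return (True, "ok", name_id) if name_id else (False, "missing NameID", None)
```

In a real SP, also check that the assertion's InResponseTo matches an outstanding request you issued and that the assertion ID has not been seen before, so a captured assertion cannot be replayed.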

0
votes

The link provided by Bernhard gave me the info I needed to post SAML Assertion from my connected app to my external application.

https://developer.salesforce.com/docs/atlas.en-us.identityImplGuide.meta/identityImplGuide/identity_google_connapp.htm