October 4, 2019 § Leave a comment
Documenting this in a blog post because it drove us crazy trying to figure out exactly what was involved, even though it was actually easy to implement once we understood all the terminology.
In order for our previously-authenticated users to automatically log into Salesforce, we needed to:
- Create a “/sso-url” on our node server for our web app to access
- When our web app GETs that URL, create and a return a SAML Identity Provider (IdP) using
- That IdP is interpreted by the web browser a redirect to the Salesforce URL (returned by the function assigned to `getPostURL`)
- Salesforce just needs to have the IdP certificate and Entity ID in its SSO Settings
Below are additional details on why we needed this.