Salesforce Changes for Delegated Authentication

Written by ShamrockCRM on April 1, 2009 – 9:35 pm

It’s always frustrating when Salesforce changes something in their live product and doesn’t follow through with an update to their developer wiki.  Recently, I had the task of creating a delegated authentication (Single Sign On) deployment for a Fortune 50 company, and was perturbed to discover the sample code was no longer applicable to the production Salesforce.

The provided .NET sample code includes the following code in gotosfdc.aspx:

<form action=”https://www.salesforce.com/login.jsp” METHOD=”POST” name=”sfdc”>
<input type=”hidden” name=”un” runat=”server” id=”username”>
<input type=”hidden” name=”pw” runat=”server” id=”token”>
<input type=”hidden” name=”startURL” runat=”server” id=”startURL”>
<input type=”hidden” name=”logoutURL” runat=”server” id=”logoutURL”>
<input type=”hidden” name=”ssoStartPage” runat=”server” id=”ssoStartPage”>
<input type=”hidden” name=”jse” value=”0″>
<input type=”hidden” name=”rememberUn” value=”1″>
<script language=”Javascript1.2″>
document.aspPostForm.jse.value = 1;
</script>
</form>

This is very close. However, at some point, Salesforce changed their login page parameters.  If you want this sample code to actually work for you, you need to change it to the following:

<form action=”https://www.salesforce.com/login.jsp” METHOD=”POST” name=”sfdc”>
<input type=”hidden” name=”username” runat=”server” id=”username”>
<input type=”hidden” name=”pw” runat=”server” id=”token”>
<input type=”hidden” name=”startURL” runat=”server” id=”startURL”>
<input type=”hidden” name=”logoutURL” runat=”server” id=”logoutURL”>
<input type=”hidden” name=”ssoStartPage” runat=”server” id=”ssoStartPage”>
<input type=”hidden” name=”jse” value=”0″>
<input type=”hidden” name=”rememberUn” value=”1″>
<script language=”Javascript1.2″>
document.aspPostForm.jse.value = 1;
</script>
</form>

Either the login textbox was never called “un” and it’s always been  “username” or they changed it.  I spent a little while scratching my head with this, so hopefully this saves you some debugging time!


Tags: , , , , ,
Posted in Salesforce.com, security | 1 Comment »