Ian wrote in post #965690:
> We're looking at having our Rails-app clients be able to use a
> SalesForce application and we're aiming for a single-signon solution.
>
> SalesForce supports single-signon via SAML. I've spent a couple days
> reviewing SAML documentation and it's about as clear as mud.
>
> From what I gather, there are Service Providers (applications in non-
> saml speak) and Identity Providers. When a service wants to
> authenticate a user, it sends a request to the identity provider which
> responds with a digitally-signed xml file.
[...]
> But can't my Rails app work as the identity provider? I'd just set up
> a controller to handle the authentication requests from SalesForce. It
> would approve/deny the request and then send back the appropriate XML
> file.

I don't know anything about SAML, but based on what you've so far 
explained, this seems entirely reasonable.

>
> That seems simple to me. Almost too simple, which is why I think I'm
> overlooking something. All the SAML documentation I've come across
> talks about the IP as an external system, which makes me think it's
> doing something special that I'm unaware of.

The IP *is* an external system -- external to the SalesForce 
application.

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
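
An added example, not part of the original posts: before a Rails controller acting as the identity provider sends back signed XML, it has to decode the service provider's authentication request and decide where the response is allowed to go. The code assumes the SAML 2.0 HTTP-Redirect binding (raw DEFLATE, then base64); `REGISTERED_SPS`, the `example.test` URLs and the function names are hypothetical, and signing the response is not shown.

```ruby
require 'zlib'
require 'rexml/document'

SAMLP_NS = 'urn:oasis:names:tc:SAML:2.0:protocol'
SAML_NS  = 'urn:oasis:names:tc:SAML:2.0:assertion'
# Hypothetical registry: SP entity ID => the only ACS URL responses may go to.
REGISTERED_SPS = {
  'https://sp.example.test' => 'https://sp.example.test/saml/acs'
}.freeze

class RejectedRequest < StandardError; end

# HTTP-Redirect binding encoding: raw DEFLATE, then base64.
def encode_authn_request(xml)
  deflater = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
  [deflater.deflate(xml, Zlib::FINISH)].pack('m0')
end

# param: the SAMLRequest value after the framework has URL-decoded it.
# Returns the request ID and the ACS URL the signed response should target.
def check_authn_request(param)
  raise RejectedRequest, 'oversized request' if param.bytesize > 8192
  xml = Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(param.unpack1('m0'))
  doc = REXML::Document.new(xml)
  raise RejectedRequest, 'DOCTYPE not allowed' if doc.doctype
  root = doc.root
  unless root && root.name == 'AuthnRequest' && root.namespace == SAMLP_NS
    raise RejectedRequest, 'not an AuthnRequest'
  end
  issuer = REXML::XPath.first(root, 'saml:Issuer', 'saml' => SAML_NS)&.text.to_s.strip
  # Never take the destination from the request alone: look it up by issuer.
  acs = REGISTERED_SPS.fetch(issuer) { raise RejectedRequest, 'unknown issuer' }
  asked = root.attributes['AssertionConsumerServiceURL']
  raise RejectedRequest, 'ACS URL mismatch' if asked && asked != acs
  { id: root.attributes['ID'], issuer: issuer, acs_url: acs }
rescue ArgumentError, Zlib::Error, REXML::ParseException
  raise RejectedRequest, 'undecodable request'
end

# Constructed sample request, not captured traffic.
SAMPLE_XML = <<~XML
  <samlp:AuthnRequest xmlns:samlp="#{SAMLP_NS}" xmlns:saml="#{SAML_NS}"
      ID="_constructed123" Version="2.0"
      AssertionConsumerServiceURL="https://sp.example.test/saml/acs">
    <saml:Issuer>https://sp.example.test</saml:Issuer>
  </samlp:AuthnRequest>
XML
```

The returned `id` is what the response's `InResponseTo` attribute echoes, and `acs_url` comes from the registry rather than from the request.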