Access Control with SP and IdP Initiated SAML SSO to SalesForce.com

Technical Summary
Forum Sentry provides IdP-initiated and SP-initiated SAML to enable authentication via Web SSO with SalesForce.com (or any other 3rd party system that can communicate via SAML).

Sentry Technology Components Used
This use case utilizes the following technology components that are available and integrated with the Forum Sentry product.

Protocol Policies: HTTP, HTTPS
Content Policies: HTML, SAML
Mediation Policies: Protocol Header Mapping, SAML Assertion Mapping
Security Policies: SSLv3, XML Threat Prevention, Antivirus, XSD Validation
Task Policies: Conditional Processing, SAML Generation, HTTP Redirects
Identity Policies: Kerberos KDC, OpenSSO
Governance Policies: Authorization failure, Authentication Failure


Use Case Description

Corporate users have tokens for access to SalesForce.com per the SAML SSO profile API integration. The internal users need to have access control and roles applied prior to being granted access to the SalesForce.com site.

Forum Sentry provides integrated support for 1-factor and 2-factor SAML SSO IdP-initiated and SP-initiated identity integrations.

Salesforce.com is configured for SAML SSO with its redirect URL pointed to Forum Sentry. Sentry accepts the redirect, authenticates the user against an on-board protocol authentication mechanism (X.509 mutual auth, Basic Auth, Kerberos Auth, NTLM Auth, Form Post Auth, Digest Auth) and then generates a SAML SSO token with a redirect to the user's browser (from a PC, tablet, or mobile computing device) for seamless authentication to Salesforce.com (or another 3rd party site).
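
The SP-initiated leg described above begins with the service provider's AuthnRequest reaching the IdP in a browser redirect. As an added example (not Forum Sentry code or configuration), the Python below decodes such a request, assuming the SAML HTTP-Redirect binding, and checks its issuer and ACS URL against a hypothetical allow-list `TRUSTED_SPS` before any assertion would be generated. The entity ID, URLs and sample request are constructed.

```python
import base64, urllib.parse, zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Hypothetical allow-list: SP entity ID -> ACS URLs assertions may be sent to.
TRUSTED_SPS = {"https://sp.example.test": {"https://sp.example.test/acs"}}

# Constructed sample AuthnRequest (not captured from a real SP).
SAMPLE = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed1" '
          'Version="2.0" AssertionConsumerServiceURL="https://sp.example.test/acs">'
          '<saml:Issuer>https://sp.example.test</saml:Issuer>'
          '</samlp:AuthnRequest>' % (SAMLP, SAML))

def encode_redirect(xml: str) -> str:
    """Encode as the SP would: raw DEFLATE, then base64, then URL-encode."""
    c = zlib.compressobj(wbits=-15)
    return urllib.parse.quote(base64.b64encode(c.compress(xml.encode()) + c.flush()))

def parse_authn_request(value: str, max_size: int = 65536) -> dict:
    """Decode a SAMLRequest query value and validate it before issuing anything."""
    raw = base64.b64decode(urllib.parse.unquote(value), validate=True)
    d = zlib.decompressobj(wbits=-15)
    data = d.decompress(raw, max_size)       # bound inflation (compression bombs)
    if d.unconsumed_tail:
        raise ValueError("AuthnRequest exceeds size limit")
    text = data.decode("utf-8")              # strict UTF-8 only
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD not allowed")  # refuse entity-expansion input
    root = ET.fromstring(text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not an AuthnRequest")
    issuer = (root.findtext(f"{{{SAML}}}Issuer") or "").strip()
    allowed = TRUSTED_SPS.get(issuer)
    if allowed is None:
        raise ValueError("unknown issuer")
    acs = root.get("AssertionConsumerServiceURL")
    if acs is not None and acs not in allowed:
        raise ValueError("ACS URL not registered for issuer")
    # With no ACS in the request, fall back to a registered one, never a caller value.
    return {"id": root.get("ID"), "issuer": issuer, "acs": acs or sorted(allowed)[0]}

if __name__ == "__main__":
    print(parse_authn_request(encode_redirect(SAMPLE)))
```

The returned `id` is what the generated response would carry as `InResponseTo`, and the assertion is only ever posted to an ACS URL taken from the allow-list.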