[OpenAM] OpenAM using AD to access Salesforce.com

Rob Collins rob.collins at unit4.com
Wed Jan 4 09:35:41 EST 2012


We want to use OpenSSO for single sign on into Salesforce.com. We followed the instructions here:
http://wiki.developerforce.com/page/Single_Sign-On_with_SAML_on_Force.com

We were able to successfully get SSO working with the demo (embedded) User Store. It worked beautifully.

Now we are trying to configure OpenSSO to authenticate against our AD, but it is not yet working.

Has anyone here got OpenSSO working with AD?

I see failed login attempts in the Security event log of the DC from my IP with a username of root. This seems very odd. There are no errors being logged in the Salesforce.com login history, so we think the AD authentication is failing somewhere.

We used the following settings during the OpenSSO config:
User Data Store Type: Active Directory with Host and Port
SSL/TLS Enabled: false
Directory Name: FQDN of a local AD domain controller    server.domain.com
Port: 389
Root suffix: dc=subdomain, dc=domain,dc=com   (Details changed for security reasons, but trust me, I used the correct ones!)
Login ID: cn=svc-opensso,ou=Users,ou=Location,ou=Locations,dc=subdomain,dc=domain,dc=com  (again, some details changed for security reasons)
Password: ******   (come on, you didn't think I'd put it here did you?!)

I have created an AD user with both cn (Full name) and SamAccountName (User logon name) of svc-opensso. This user has read/write access to AD.

Any help much appreciated!


Rob Collins
