Posted by Lloyd on April 21, 2010 at 7:51am
I'm trying to figure out how to enable single sign on so that logged in users can access the SFDC self-service portal (included in a page on our site via an iframe) without having to login a 2nd time using SFDC-specific credentials. I guess I also have to sync Drupal credentials and SFDC SSP credentials.
I've been searching desperately but can't find any solutions. Does anybody have any experience with this and can help and/or point me in the right direction?
Thanks.
Categories: Salesforce
Comments
You can try
In my experience this is near impossible and you probably will not like the solution you will get. You can use an iframe OR craft a url that passes the arguments to the form which is bad.
Syncing passwords is an epic journey, you would have to some issues. One, you will have to intercept the users password in Drupal before it gets hashed and placed in the database. Two you will have to call through the API setPassword() and selfServiceUser() to get it all setup.
Personally, I have tried in the past to make this flawless and not look like SF and I could not get a solution I could live with. If your user refreshes an iframe for example it logs them out....
I think it may be more time efficient to use email-to-case(either make your own form in Drupal or use the embedded one) and query cases submitted by the user.
Thanks for the feedback. My
Thanks for the feedback.
My objectives with this are primarily around displaying cases to the user (both open and closed) and allowing them to retrieve attachments and post new comments. I'm using several forms for web-to-case. So I'm not tied into the SSP as a solution if there's another way.
Is it possible then to (I guess using Salesforce API) to retrieve and display cases based upon userid / email? I guess that sounds fairly straightforward. But what about retrieving attachments and posting new comments?
Basically, it seems like you're suggesting to provide this solution outside of the SSP by tying Drupal directly into SFDC via the API. Right? I'm just not familiar with what functionality I would have if we went down that route.
Thanks again.
Looks like we should build a new module
Hi Lloyd,
One of clients has requested that I provide him this functionality as well. To the best of my knowledge the Salesforce API works with a different protocol and a different set of actions to integrate with Drupal.
Self-Service Portal uses it's own toolkit:
http://wiki.developerforce.com/index.php/Self-Service_Portal_Toolkit_for...
As opposed to the toolkit used in the Sales Force Api Module:
http://wiki.developerforce.com/index.php/PHP_Toolkit
But from google-ing that might be dead in the water
It looks like a new module will have to be coded from scratch. I would love to collaborate with you on the project if you're interested.
no need for self-service portal toolkit
Hi,
I also want this functionality, but I think you will find there is no self-service portal toolkit, and there is no need for a toolkit which is specific to the self-service portal. The self-service portal just creates cases, allows customers to add case comments, search cases, attach files to cases etc. This can all be done using the salesforce API which is same API used by the existing salesforce drupal module.
So, perhaps a new Drupal module is needed, which uses the existing salesforce module to copy data to salesforce when updated in drupal. This will make sure that cases and case comments are in sync between salesforce and drupal. There are many existing support modules for Drupal, and if salesforce cases and comments were synchronised with drupal objects, it might be possible to use these existing modules to provide the UI. Then, if a comment is added to a case/ticket in drupal, this comment would be copied to salesforce and related to the case being updated in salesforce. The same needs to be done so that cases in salesforce can be updated and comments added, and these updates are then copied to drupal.
To start, I think it would be required to setup a way for a customer to authenticate themselves when logging onto the drupal website, so that there is a high degree of confidence that the user logged onto the website is the same user with same name, email, company name etc. as in salesforce. Then, it would be possible to search for cases assigned to the users company and maybe to the user who is logged on, and allow the user to interact with those cases in the drupal website. This approach would avoid password sync and would allow a support portal to be coded in a drupal module that completely replaces and enhances the functionality included in the existing salesforce self service portal.
I hope this helps ?
Thanks,
Tim
Sorry I have not answered, I
Sorry I have not answered, I have been extremely busy after a trip. You will find that the Salesforce portal integration is just an extension of the PHP one and really won't integrate as seamlessly as advertised.
A new module is a bit of a far step. I think everyone should be talking to the current maintainer and adding functionality to that module itself or through a sub module. Individual efforts are well mundane in the long run.
Through the API you can achieve most of the functionality of the portal. The issues begin at when you use the API alot of the triggers like when you create a case, who does it get assigned to.. won't run and they have to be created. Secondly, if your doing this all real time with no queuing you will run into Salesforces API limits.
What fun!
Ok..
Hi Ron,
Thanks for the reply.
I agree that an individual effort is not the solution. I was thinking more in the line of a sub_module that would integrate with the current salesforce api module.
Aaron Bauman (one of the maintainers) replied to Lloyd's question regarding the matter on the issue queue http://drupal.org/node/774246.
I'm going to follow Aaron's suggestion and see what I hack together with the api and current sub modules.
Is there a way to see how many api calls are being sent from drupal? or just from the salesforce side?
What about all the ldap stuff and delegated and federated authenitcation. Has anyone had success implementing that kind of functionality?
Also has anyone had experience with visual force?
Best regards
API calls
You can probably track API calls if you have access to the logs on the server because your using SOAP to connect to SF. The other thing is that you could add in a watchdog hook to whatever code you were running in conjunction with the SF Drupal module (not sure if this has been done)
I have used Visualforce for one of my employers, personally its like SF - if you get my meaning. Anything you can do externally might be better since you have more control over what gets done.
Well integrated
Hi Everyone,
Ron,
thanks for your updates. I'll poke around the server logs and see what is there.
I actually have no clue what you mean. Could you elaborate one the visual force. I'm very confused about salesforce in general. Were you able to pass the user's to the visualforce page so he didn't have to sign in again?
Llyod, I used hook_user to print out the account of a drupal user who is mapped to a salesforce user as soon as the user logs in drupal has his credentials via the api module. So depending on what you want accomplish the api module may still be relevant (as Aaron suggested in the issue que, and Tim mentioned earlier.)
Anyway, I'm going to keep digging and I'll see what else I can find.
Any played with the Federated and Delegated authentication?
Did you get this solved?
I'm looking for the same functionality in Drupal 7. Did you ever solve this?
No solution
Currently there exists no stable way of implementing single signon for Drupal 7 and Salesforce. With "Salesforce Suite" (and perhaps some other modules) you might synchronize users, but that's not single signon.
http://wiki.developerforce.com/page/How_to_Implement_Single_Sign-On_with... mentions three sso methods for salesforce: LDAP, Active Directory and SAML, where Active Directory is based on LDAP.
for Drupal 7 (unstable):
LDAP: https://drupal.org/project/ldap
SAML: https://drupal.org/project/simplesamlphp_auth
for Drupal 6 (stable. I did not try these):
LDAP: https://drupal.org/project/ldap_sso
SAML: https://drupal.org/project/simplesamlphp_auth
Discusssion
https://drupal.org/node/1242786 reports that LDAP (https://drupal.org/project/ldap (unstable)) works well for Drupal 7. However, on the latter link I see an open crictical security bug.