Ruby on Rails

Ian wrote in post #965690:
> We're looking at having our Rails-app clients be able to use a
> SalesForce application and we're aiming for a single-signon solution.
>
> SalesForce supports single-signon via SAML. I've spent a couple days
> reviewing SAML documentation and it's about as clear as mud.
>
> From what I gather, there are Service Providers (applications in non-
> saml speak) and Identity Providers. When a service wants to
> authenticate a user, it sends a request to the identity provider which
> responds with a digitally-signed xml file.
[...]
> But can't my Rails app work as the identity provider? I'd just set up
> a controller to handle the authentication requests from SalesForce. It
> would approve/deny the request and then send back the appropriate XML
> file.

I don't know anything about SAML, but based on what you've so far
explained, this seems entirely reasonable.

>
> That seems simple to me. Almost too simple, which is why I think I'm
> overlooking something. All the SAML documentation I've come across
> talks about the IP as an external system, which makes me think it's
> doing something special that I'm unaware of.

The IP *is* an external system -- external to the SalesForce
application.

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
marnen@marnen.org

--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.