Find your content:

Search form

You are here

Authenticating VF page with 3rd party website


I'm wondering what the best practice is here.

The use case here is the migration of a web application to as a managed package.

It's desirable to keep dev. costs to a minimum here, so we're looking into using a VF page that just embeds a page from the app provider's website.

The only unknown here is how we authenticate users. Currently all users log in to use the web application, however if we embed the page then users will need to log into SFDC and then login to the web app separetly.

We don't have much experience with SSO but from what I've read I don't think it's the right tool for this use case.

Does anyone have any suggestions on how to get around this issue?


Attribution to: Davin Casey

Possible Suggestion/Solution #1

One possible solution is create a site and provide a link to navigate to the URL of the other app where users can enter the credentials of third party app and enter the app

Second is to use customer or partner portal but this will involve licence.

Attribution to: Mohith Shrivastava

Possible Suggestion/Solution #2 (Creating Public Web-Service in Salesforce) Can you use the following approach: make your class global webservice and give access through the site !!!

Not sure if the class can be a global class :( ( not too expert with packaging)

Hope this helps :)

Attribution to: Rao

Possible Suggestion/Solution #3

Will users need a license in addition to purchasing your app on the appexchange? Or are you just looking to figure out whose viewing the app?

For the later I'd just pass their userId and org id back to your webservice and use that as your identifier. An iframe is a quick and dirty way.

<iframe src="{!$User.Id}&orgid={!$}"/>

If you're looking for a little more rigourous control, pass a session id and a api url and then on your side make a call back to salesforce as that user to validate their info.

Of course these days, the usual best practice is to use oauth, but that typically works better when you're an external app that just needs permissions to get access to a user's data.

Attribution to: Ralph Callaway

Possible Suggestion/Solution #4

You can look at the login form for the remote site and see the names of fields that contain userrname and password and pass them in your apex:iframe src parameter. And you typically even do this is you are calling code from the remote server

In this example the field names are username and password ie.

<apex:iframe id="myframe" src="{!Case.Id}&username=myusername&password=mypassword"></apex:iframe>

Attribution to: Ohmicron
This content is remixed from stackoverflow or stackexchange. Please visit

My Block Status

My Block Content