I'm wondering what the best practice is here.
The use case here is the migration of a web application to Force.com as a managed package.
It's desirable to keep dev. costs to a minimum here, so we're looking into using a VF page that just embeds a page from the app provider's website.
The only unknown here is how we authenticate users. Currently all users log in to use the web application; however, if we embed the page then users will need to log into SFDC and then log in to the web app separately.
We don't have much experience with SSO but from what I've read I don't think it's the right tool for this use case.
Does anyone have any suggestions on how to get around this issue?
Thanks
Attribution to: Davin Casey
Possible Suggestion/Solution #1
One possible solution is to create a Force.com site and provide a link to navigate to the URL of the other app, where users can enter the credentials of the third-party app and enter the app.
The second is to use a Force.com customer or partner portal, but this will involve a licence.
Attribution to: Mohith Shrivastava
Possible Suggestion/Solution #2
http://forceguru.blogspot.in/ (Creating Public Web-Service in Salesforce) Can you use the following approach: make your class a global webservice and give access through the site!!!
Not sure if the class can be a global class :( (not too expert with packaging)
Hope this helps :)
Attribution to: Rao
Possible Suggestion/Solution #3
Will users need a license in addition to purchasing your app on the AppExchange? Or are you just looking to figure out who's viewing the app?
For the latter I'd just pass their userId and org id back to your webservice and use that as your identifier. An iframe is a quick and dirty way.
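<apex:page>
<!-- Passes the viewing user's ID and org ID to the external app as query parameters -->
<iframe src="https://yourapp.com/?userid={!$User.Id}&amp;orgid={!$Organization.Id}"></iframe>
</apex:page>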
If you're looking for a little more rigorous control, pass a session id and an API URL and then on your side make a call back to Salesforce as that user to validate their info.
Of course these days, the usual best practice is to use OAuth, but that typically works better when you're an external app that just needs permissions to get access to a user's data.
Attribution to: Ralph Callaway
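The callback check described in the answer above, sketched for the external app's side as an added example that is not part of the original answers. The function names and the host allow-list are hypothetical, and it assumes the session ID handed over by the page is accepted as a bearer token by Salesforce's `/services/oauth2/userinfo` endpoint.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

# Assumption: only these Salesforce-owned host suffixes may receive the session.
ALLOWED_SUFFIXES = (".salesforce.com", ".force.com")
SF_ID = re.compile(r"[A-Za-z0-9]{15}(?:[A-Za-z0-9]{3})?")


def _http_get_json(url, session_id):
    """Default transport: GET with the session ID as a bearer token."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + session_id})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)


def salesforce_origin(api_url):
    """Return https://host for api_url, or None unless it is a Salesforce HTTPS URL."""
    try:
        parts = urlsplit(api_url)
        host, port = (parts.hostname or "").lower(), parts.port
    except ValueError:  # malformed host or port
        return None
    if parts.scheme != "https" or parts.username or port not in (None, 443):
        return None
    return "https://" + host if host.endswith(ALLOWED_SUFFIXES) else None


def same_id(a, b):
    """Compare Salesforce IDs on their case-sensitive 15-character form."""
    if not (isinstance(a, str) and isinstance(b, str)):
        return False
    return bool(SF_ID.fullmatch(a) and SF_ID.fullmatch(b)) and a[:15] == b[:15]


def verify_embed(user_id, org_id, session_id, api_url, fetch=_http_get_json):
    """True only if Salesforce confirms the session belongs to user_id in org_id."""
    origin = salesforce_origin(api_url)
    if origin is None or not session_id:
        return False  # never forward the session to a host we do not recognise
    try:
        info = fetch(origin + "/services/oauth2/userinfo", session_id)
    except Exception:
        return False  # expired session, network error or non-JSON reply
    if not isinstance(info, dict):
        return False
    return (same_id(info.get("user_id"), user_id)
            and same_id(info.get("organization_id"), org_id))
```

The `userid` and `orgid` query parameters are treated as claims only; access is granted on what Salesforce returns for the session, and the API URL is checked before any request so the session is not sent to an arbitrary host.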
Possible Suggestion/Solution #4
You can look at the login form for the remote site and see the names of the fields that contain the username and password, and pass them in your apex:iframe src parameter. And you typically even do this if you are calling code from the remote server.
In this example the field names are username and password, i.e.:
<apex:iframe id="myframe" src="https://www.myremoteserver.com/plugins/servlet/fetch.action?id={!Case.Id}&amp;username=myusername&amp;password=mypassword"></apex:iframe>
Attribution to: Ohmicron
This content is remixed from stackoverflow or stackexchange. Please visit https://salesforce.stackexchange.com/questions/1820