2

We would like to connect a salesforce user to another salesforce user in another org without any user intervention from a service.

We have tried SAML Bearer Flow (using Remote Access Application) to connect to salesforce to retreive Access Token for one of our product. We are referring to the follwoing article.

http://help.salesforce.com/help/doc/en/remoteaccess_oauth_SAML_bearer_flow.htm

As referred by the SF article for this flow, it uses a previous user authorization to connect and retreive Token. In case the user (for whom Token is requested) has not already authorized the App, SF takes you to the Authorization page first and app will get the access token once app is authorized. This is working fine too. However it has this painful step of users authorizing the app before we can use this flow for the product. It would be good and simplified if this step can be done once for an org and the article does mentions that either User or Admin can authorize the app. However I am not able to find how an Admin can authorize the remote access application.

Does anyone knows and can guide how can an Admin authorize an App or is thre any other way we can achieve our requirement. Any thoughts will be really appreciated.

4

1 回答 1

1

OAuth1 和 OAuth2 在设计上需要用户干预。您为克服这一点所做的任何事情都是谨慎的,而不是最佳实践。您可以让用户轻松,但您将始终收到初始的“授权此应用程序”消息。

如果您试图让用户轻松登录到任一组织,那么您可能需要考虑使用中心辐射型 SSO 解决方案。 请参阅此文档。

如果您尝试在两个 Salesforce 实例之间传递信息,那么您可能需要考虑 Salesforce2Salesforce 或出站工作流。但是,这是在系统上下文而不是用户上下文中完成的。

如果您想维护用户上下文和安全性,您应该考虑新的 Salesforce Canvas API。Canvas 允许您调用出站服务,并将凭据传递给该服务,以便它可以返回通信。外部服务没有理由不能是 Salesforce 实例。

于 2013-02-13T00:46:20.247 回答