1

I have set up the custom login page for my application using the following resource.

http://brianpeddle.com/2011/06/06/building-a-custom-salesforce-login/

However, this approach requires a security token for each user if the user is on an untrusted network, and the security token changes when the user resets their password.

How can I set this up so that multiple users can log in from this page? Currently the only thing I can think of is to have an extra input box so that the user pastes the security token along with the username and password. I wonder if Salesforce allows JavaScript to grab the security token dynamically for each user.

3 Answers

1

OAuth2 is a security implementation that allows users to access their Salesforce data without having to enter their user/password in an untrusted application or do nasty token management themselves.

Salesforce has a guide on how to implement OAuth2 for web sites. It can be difficult to set up if you don't have any experience with OAuth2, but there are plenty of guides available.

I would also recommend using something like Firefox's RESTClient addon (or something like it) to test the use of OAuth2 to get a feel for authenticating against Salesforce.

5 Comments

Thanks, I will try this first. It just feels like too much hassle to set up a custom login page for an untrusted network....
Seems like all the OAuth2 APIs to which I can send a username and password require a security token. I wonder if it's possible to do this. Or do I need to host a customized API on another server in the cloud and access Salesforce from that server so that all users can log in from the same server?
The security token you are referring to would be the client ID. This is defined in Salesforce and put with the username and password during authentication. The authorisation process will provide a session security token. An OAuth session can be kept open indefinitely with an option allowing a web server to allow its users to connect to the same Salesforce account.
na1.salesforce.com/services/oauth2/… Thank you very much. After going through your post I managed to figure out the actual URL was: myserver.salesforce.com/services/oauth2/… I wonder if client_id and client_secret are secure to have in a JavaScript file?
Well, just like anything, giving away these little bits of info could lead to insecurities. If you want to have your web server redirect the user to the Salesforce login, use this flow: help.salesforce.com/help/doc/en/… This avoids putting credentials in a JavaScript file.
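
The redirect-based flow recommended in the last comment above, as an added example that is not part of the original thread: Node.js server-side helpers for the OAuth 2.0 authorization-code (web server) flow, in which the browser never sees the password, the security token or `client_secret`. The connected-app values, the redirect URI and the `SF_CLIENT_SECRET` variable name are assumptions.

```javascript
const { randomBytes, timingSafeEqual } = require("node:crypto");

// Assumed settings for a hypothetical connected app. The secret is read from the
// server's environment (SF_CLIENT_SECRET is an assumed name), never from page JS.
const config = {
  loginHost: "https://login.salesforce.com",
  clientId: "PLACEHOLDER_CONSUMER_KEY",
  clientSecret: process.env.SF_CLIENT_SECRET || "PLACEHOLDER_SECRET",
  redirectUri: "https://app.example.com/oauth/callback", // hypothetical
};

// Random per-session value; store it in the user's server-side session.
const newState = () => randomBytes(32).toString("base64url");

// Step 1: URL the browser is redirected to. The user types the password on
// Salesforce's own login page; this URL carries no secret of any kind.
function buildAuthorizeUrl(cfg, state) {
  const url = new URL("/services/oauth2/authorize", cfg.loginHost);
  url.search = new URLSearchParams({ response_type: "code",
    client_id: cfg.clientId, redirect_uri: cfg.redirectUri, state }).toString();
  return url.toString();
}

// Step 2: validate the callback query before trusting the returned code.
function readCallback(query, expectedState) {
  const got = Buffer.from(String(query.state || ""));
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !timingSafeEqual(got, want)) {
    throw new Error("state mismatch: discard this response");
  }
  if (query.error) throw new Error("authorization denied: " + query.error);
  if (!query.code) throw new Error("missing authorization code");
  return query.code;
}

// Step 3: server-to-server POST that exchanges the code for tokens. Only this
// request, sent from the web server, ever contains client_secret.
function buildTokenRequest(cfg, code) {
  return {
    url: new URL("/services/oauth2/token", cfg.loginHost).toString(),
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({ grant_type: "authorization_code", code,
      client_id: cfg.clientId, client_secret: cfg.clientSecret,
      redirect_uri: cfg.redirectUri }).toString(),
  };
}
```

The object returned by `buildTokenRequest` can be passed to any HTTP client on the server; the response's access token should be kept in the server-side session rather than returned to the page.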
0

Are you sure you have whitelisted the IP?

I strongly believe that if you get the IP of the server where your custom login page is hosted and put it in the list of whitelisted IPs, then users will not be required to enter their security token.

To find the IP of your server (where your page is hosted): try to log in with your custom login page, then log in to SFDC and go to Setup -> User profile -> Login history.

There you will see the last login from IP.

Copy the above IP.

Then go to Setup -> Security control -> Remote site setting

and add the copied IP.

This way SF will not require a security token when a user logs in from that IP.

http://ap1.salesforce.com/help/doc/en/configuring_remoteproxy.htm

2 Comments

My application is like project management software and I want to have it as a SaaS application so people can log in to our app to manage projects etc. They might log in from their office or from their mobile, so setting an IP address is not an option. If this is Salesforce's limitation, I need to host my custom API in the cloud (say Heroku) and access Salesforce data from there.
@ShinyaKoizumi OAuth is designed for this authentication model.
0

Use this code for just login:

"https://login.salesforce.com?un="+username+"&pw="+password+"&startURL=/apex/somepage"
