Redirect user to Salesforce UI using Session Ids

-
Recently, I was working on interesting requirement where user had to be redirected to Salesforce application with session id. Sharing the details about how we can achieve this in Salesforce.

Once the user enters his credentials on Salesforce login screen, on successful authentication Salesforce internally redirects user to default landing page using frontdoor.jsp. Salesforce has leveraged this feature for developers.

For using frontdoor.jsp, couple of things are required, first is server url (it can be login.salesforce.com or test.salesforce.com or custom domain url) and second is active session id

<server url>/secur/frontdoor.jsp?sid=<session_id>

Eg.
https://login.salesforce.com/secur/frontdoor.jsp?sid=00D0K0000024Spm!ARkAQLF3GhBYzftBP42x6oviafHgbc3Op_cfbylGDPbTAbE3cMeVKSOoZIa3U5Zi51VPMSEKTC3oVcXTB2_WVl.EmIGiqpbB

It also allows to redirect users to different url within Salesforce application by passing optional relative url 

<server url>/secur/frontdoor.jsp?sid=<session_id>&retURL=<relative url>

Eg.
https://login.salesforce.com/secur/frontdoor.jsp?sid=00D0K0000024Spm!ARkAQLF3GhBYzftBP42x6oviafHgbc3Op_cfbylGDPbTAbE3cMeVKSOoZIa3U5Zi51VPMSEKTC3oVcXTB2_WVl.EmIGiqpbB&retURL=/apex/myVisualforcePage

Important point to consider here is how the session id is obtained. Session id obtained via OAuth authentication (access token), SOAP API login and UserInfo.getSessionId() can be used with frontdoor.jsp

Redirection in experience site:

Fontdoor.jsp can be used to provide users access to communities as well. Few additional considerations while using frontdoor.jsp for communities. Server url should be the community url and second is if using OAuth authentication for obtaining session id, manage user data via web browsers scope should be added in connected app.  

Eg.
https://bravo.cs128.force.com/customer/secur/frontdoor.jsp?sid=00D0K0000024Spm!ARkAQLF3GhBYzftBP42x6oviafHgbc3Op_cfbylGDPbTAbE3cMeVKSOoZIa3U5Zi51VPMSEKTC3oVcXTB2_WVl.EmIGiqpbB&retURL=/customer/myCommunityPage

Troubleshooting:

Many times while using frontdoor.jsp users are redirected to login screen instead of Salesforce application, below are few of pointers which can be used for troubleshooting.

1. Check the server url used
2. Check if the web scope is added in connected app if session id is obtained via OAuth
3. Check the return url used is relative


Thanks for your time to go through the post, hope it helps!


Popular posts from this blog

Create File versions from Apex

-
Image
In Lightning Experience, Salesforce Files unifies your files, documents, and libraries into a single place for easier management. Files can be created from different places like Lightning Components, LWC and integrations i.e. via apex. In majority scenarios, the requirement is around creating a file and associating it with some sObject record.  Below script can be to create a file in Salesforce. HttpRequest req = new HttpRequest () ; req.setEndpoint ( 'https://images.pexels.com/photos/2052217/pexels-photo-2052217.jpeg?auto=compress&cs=tinysrgb&dpr=1&w=500' ) ; req.setMethod ( 'GET' ) ; HttpResponse res = new Http () .send ( req ) ; if ( res ! = null ) { Blob imageBlob = res.getBodyAsBlob () ; String fileName = 'Ssshhh' ; // Creates the contentversion and implicitly creates content document ContentVersion cv = new ContentVersion () ; cv.Title = fileName; cv.PathOnClient = fileName
Read more

Run as different user in Apex

-
Yes, you read it right; running apex as different user who has higher access levels than logged in user is now possible in Salesforce using Platform Events . Platform events are executed as  Automated Process user . Processing records in system mode or async apex like  batch jobs are the commonly used workarounds for this. However there are few use cases where these workarounds can not help. We are going to see one of such use case. Use Case: If event is created with attendees then, only organizer can edit the event. This is standard Salesforce behavior. And there is business requirement that, attendees should be able to update few fields on event. Solution: Lets first analyze what is event with attendees means. Whenever a event is created with attendees, Salesforce creates separate events for organizer and attendees. These events are linked to each other, any update to organizer event is propogated to all attendee events automatically.  For organizer event IsChild is set to false an
Read more

Creating JKS certificate for JWT Bearer flow in Salesforce

-
JWT stands for Json Web Token. Salesforce supports JWT for authentication however, JWT should be signed using RSA SHA256 algorithm. This algorithm needs private and public key for signature. OpenSSL can be used to create private and public key and the same can be converted to specific certificate format. You can get OpenSSL here . Creating self-signed certificate: Below is the consolidated list of OpenSSL commands to create a self signed certificate. Generate a private key openssl genrsa -des3 -passout pass:<Password> -out server.pass.key 2048 openssl rsa -passin pass:<Password> -in server.pass.key -out server.key Generate a certificate signing request using the server.key file. A challenge password would asked with other information. Keep the passwords same to avoid certificate corruption. openssl req -new -key server.key -out server.csr Generate a self-signed digital certificate from the server.key and server.csr files openssl x509 -req -sha256 -days 365 -in server.csr -
Read more