I'm struggling here. I've configured an OpenID Connect Auth. Provider. I've been given all the needed parameters, such as the
- consumer key
- consumer secret
- Authorize endpoint url
- token endpoint url
- user info endpoint url
I also edited the autogenerated RegistrationHandler Apex class to my needs, such as "create a user with that profile if the data.email parameter is not found among the users", and other things.
I also successfully log into the third-party system. They use MyID and the SAML 2.0 protocol to authorize the access, and they confirmed that they registered the app with the callback URL generated by Salesforce (as their Identity Provider "role" requires).
The problem is that I encounter an error: "ErrorCode=No_Oauth_Token&ErrorDescription=Empty+Response". The RegistrationHandler class is not invoked even once, and I can't successfully get back to Salesforce: the callback fails.
The redirect from their login page https://****.******.****.******.it/authenticationendpoint/login.do?RelayState=s2b1ab004194cb[....]
on their website goes through a different page with a clear indication that they are using MyID with SAML2:
https://myid.******.****.it/gw/AssertioncConsumerProxy/SAML2
I suspect that they are giving me back the response of their provider: they're using the SAML protocol, but Salesforce is using OpenID Connect and waiting for a response in that OpenID protocol, not SAML, thus giving the error and not landing on Salesforce.
I'd like to point out that I tried a personal Gmail account with Google as ID Provider, and all went well. So it's not that I don't know how to do it or something; I'm having problems with their (malformed?) response (instead of a correct one from Google).
I'm at a loss: either the third party doesn't seem to know how to implement a correct OpenID response, or I am not getting something straight, even though following (and understanding well enough) a tutorial on how to set up Google as Identity Provider gives me a working flow.
If anyone can help me get through this bad situation it would be terrific.
Thanks in advance
Here is the screenshot of the Salesforce error message when the callback fails:
- I tried changing the Consumer Key and Consumer Secret (they provided 2 new ones but they don't work at all)
- I tried opening a ticket with Salesforce, but it wasn't a problem that support could tackle
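A diagnostic added here as an example (it is not from the question's author, from Salesforce, or from the third-party provider): the Salesforce OIDC auth provider needs two things from the identity provider, a redirect to the callback URL carrying `code` and `state`, and a JSON reply from the token endpoint containing `access_token` (and `id_token`). A SAML 2.0 IdP instead answers with an HTML form that auto-POSTs a base64 `SAMLResponse` to an Assertion Consumer Service, which is exactly the kind of thing that would leave Salesforce with no OAuth token to parse. Capture the final redirect and the token endpoint reply with the browser's network tab or an intercepting proxy and feed them to the functions below to see which of the two protocols actually came back. All hostnames, URLs and response bodies in the block are constructed samples, not captures from the provider in the question.

```python
"""Tell an OpenID Connect reply apart from a SAML 2.0 one (added example)."""
import base64
import json
import re
from html import unescape
from urllib.parse import parse_qs, urlparse


def classify_callback(url: str) -> str:
    """Classify the URL the browser lands on after the provider's login page."""
    query = parse_qs(urlparse(url).query)
    if "code" in query and "state" in query:   # what an OIDC IdP must send
        return "oidc-authorization-code"
    if "error" in query:                       # RFC 6749 error redirect
        return "oauth-error:" + query["error"][0]
    if "ErrorCode" in query:                   # Salesforce's own failure redirect
        return "salesforce-error:" + query["ErrorCode"][0]
    if "SAMLResponse" in query:                # SAML HTTP-Redirect binding
        return "saml-response"
    return "no-oidc-parameters"


def classify_token_response(content_type: str, body: bytes) -> str:
    """Classify what the token endpoint (or whatever sits at that URL) returned."""
    if not body.strip():
        return "empty"
    if "json" in content_type.lower():
        try:
            data = json.loads(body)
        except ValueError:
            return "malformed-json"
        if "access_token" in data:             # RFC 6749 / OIDC token response
            return "oidc-token-response" + ("+id_token" if "id_token" in data else "")
        if "error" in data:
            return "oauth-error:" + str(data["error"])
        return "json-without-token"
    text = body.decode("utf-8", errors="replace")
    m = re.search(r'name=["\']SAMLResponse["\'][^>]*value=["\']([^"\']+)', text)
    if m:                                      # SAML HTTP-POST binding
        try:
            xml = base64.b64decode(unescape(m.group(1))).decode("utf-8", errors="replace")
        except ValueError:
            return "saml-response (undecodable)"
        issuer = re.search(r"<(?:\w+:)?Issuer[^>]*>([^<]+)</", xml)
        return "saml-response issuer=" + (issuer.group(1).strip() if issuer else "?")
    return "html-or-other"


# Constructed samples (hypothetical hosts; not captured from the real provider).
SAMPLE_CODE_REDIRECT = (
    "https://example.my.salesforce.com/services/authcallback/MyProvider"
    "?code=abc123&state=CAAAA"
)
SAMPLE_SF_ERROR = (
    "https://example.my.salesforce.com/?ErrorCode=No_Oauth_Token"
    "&ErrorDescription=Empty+Response"
)
SAMPLE_OIDC_JSON = (
    b'{"access_token":"at.1","id_token":"eyJhbGciOiJSUzI1NiJ9.e30.sig",'
    b'"token_type":"Bearer","expires_in":3600}'
)
_SAML_XML = (
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
    b'<saml:Issuer>https://myid.example.invalid/idp</saml:Issuer></samlp:Response>'
)
SAMPLE_SAML_HTML = (
    b'<html><body onload="document.forms[0].submit()">'
    b'<form method="POST" action="https://sp.example.invalid/saml/acs">'
    b'<input type="hidden" name="SAMLResponse" value="'
    + base64.b64encode(_SAML_XML)
    + b'"/></form></body></html>'
)

if __name__ == "__main__":
    print("callback (OIDC):      ", classify_callback(SAMPLE_CODE_REDIRECT))
    print("callback (SF error):  ", classify_callback(SAMPLE_SF_ERROR))
    print("token reply (OIDC):   ", classify_token_response("application/json", SAMPLE_OIDC_JSON))
    print("token reply (SAML):   ", classify_token_response("text/html", SAMPLE_SAML_HTML))
    print("token reply (empty):  ", classify_token_response("text/html", b""))
```

If the token endpoint reply classifies as `saml-response` or `html-or-other`, the URL you were given is not an OAuth 2.0 token endpoint and no Apex change on the Salesforce side will fix it; the provider has to expose an OpenID Connect endpoint set (or Salesforce has to be configured as a SAML service provider instead). If it classifies as `empty`, check whether the endpoint requires a different client authentication method or a `redirect_uri` that exactly matches the callback URL Salesforce generated.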