Access REST API after Single Sign-on (SSO)

We have a heroku-hosted web app that used Salesforce as Identity Provider (IdP) to do Single Sign-On (SSO) between SFDC & other services. We know that in doing so our web app user are already logged into their SFDC account. Then what is the best way for our web app to obtain SFDC REST API access under user’s SFDC account without asking for a password or redirecting?

We have basic understanding on OAuth, SAML and SSO. Also we have studied the following pages:

  1. https://help.salesforce.com/HTViewHelpDoc?id=remoteaccess_authenticate.htm&language=en_US
  2. https://developer.salesforce.com/page/Single_Sign-On_for_Desktop_and_Mobile_Applications_using_SAML_and_OAuth

Answer

You can pass a session ID as an attribute in the SAML Assertion. In the Connected App configuration for your SP, set $Api.Session_ID as a Custom Attribute value. The recipient will be able to use the session ID with the REST API.

Attribution
Source : Link , Question Author : Oscar Tang , Answer Author : metadaddy

Leave a Comment