SalesForce Single Sign On With Symfony


Single Sign-On is a process that allows network users to access all authorized network resources without having to separately log in to each resource. Single Sign-On also gives your organization the ability to integrate with an external identity management system or perform web based single sign on to

How Single Sign-On Works

The high-level process for authenticating users via Single Sign-On is as follows:
1. When a user tries to log in—either online or using the API—Salesforce validates the username and checks the user’s profile settings.
2. If the user’s profile has the "Uses Single Sign-on" user permission, then Salesforce does not authenticate the username with the password. Instead, a Web Services call is made to the user’s single sign-on service, asking it to validate the username and password.
3. The Web Services call passes the username, password, and sourceIp to a Web Service defined for your organization. (sourceIp is the IP address that originated the login request). You must create and deploy an implementation of the Web Service that can be accessed by servers.
4. Your implementation of the Web Service validates the passed information and returns either "true" or "false."
5. If the response is "true," then the login process continues, a new session is generated, and the user proceeds to the application. If "false" is returned, then the user is informed that his or her username and password combination was invalid.

Enabling Single Sign-On

1. Contact to turn on Single Sign-On for your organization.
2. Build your SSO Web Service:
Download the Web Services Description Language (WSDL) file, AuthenticationService.wsdl, that describes the Single Sign-On service. It can be used to automatically generate a server-side stub to which you can add your specific implementation. You can download the file from Setup | Develop | API | Download Delegated Authentication WSDL. The file should be saved in web directory of symfony project.

3. In Salesforce, specify your organization’s Single Sign-On Gateway URL by clicking
Setup | Security Controls | Single Sign On Settings.

4. Modify your user profiles to contain the "Uses Single Sign-On" user permission. In Salesforce, click Setup | Manage Users | Profiles to add or edit profiles. It is recommended you create a new user with a new profile to test single sign on. Do not test with the administrator account.

Process Flow

Token Generation

You can use any string as a token. But to make it secure you have to follow some encryption and decryption mechanisms. Symfony uses a plugin dwCrypt which will provide encryption and decrption functions. For the plugin to work, Mcrypt package need to be installed which in turn requires libmcrypt­2.5.8 and mhash­0.9.9 packages.
The installation procedure is given below:
1. Download and install libmcrypt­2.5.8
2. Download and install mhash­0.9.9
3. Download and install mcrypt­2.6.7
4. Enable mcrypt package for php.
5. Install dwCrypt plugin for symfony
symfony plugin-install


I.Specify a link in your intranet page which map to an action which submits SSO request to salesforce.

II.Submit SSO Request

The above url route to this action.
1.Create a function in action class to send the SSO request to salesforce.
The function should contain the following codes

$this->username = sales_force_username;
$this->token = $this->generateToken($this->username);

$this->logoutURL = the_url_that_should_appear_after_logging_out_from_salesforce

$this->startURL = sales_force_home_url_after_logging_in;
$this->ssoStartPage = "";

2.Generate token

public function generateToken($username)
$cryptService = new sfCrypt();
$token = $cryptService->encrypt($username);
return $token;

3.Submit Form

The form should submit username and token to salesforce. The following code describes the template



II. Get the soap request from salesforce.
Salesforce will contact the web service in the gateway URL with a SOAP request when the form is submitted.Suppose the gateway url is ' The code for WebService.php is given below,

define('SF_ROOT_DIR', realpath(dirname(__FILE__).'/..'));
define('SF_APP', 'symfony_application_name');
define('SF_ENVIRONMENT', 'soap');
define('SF_DEBUG', true);


ini_set("soap.wsdl_cache_enabled", "0");

$server = new SoapServer(sfConfig::get('AuthenticationService.wsdl'));


Notice that the file should reside in web directory

myWebServiceController.class.php should be written in symfony_project/apps/symfony_app_name/lib directory.

class myWebServiceController extends sfController

public $request;

* Function to initialize SOAP request
* @return void
public function __construct()
$this->context = sfContext::getInstance();
$this->request = $this->context->getRequest();

* The function handles soap request. It first parses the request.
* The user will be logged in if the
* response is true and will not be logged in if an exception is caught.
* @param Object $soapRequest - The soap request object
* @return array
function Authenticate($soapRequest)

/** This loop parses the incoming request and stores the username and token in an array*/

foreach ($soapRequest as $key=>$value)
$loginInfo[$key] = $value;

You can add validation for the incoming token here. The variable $loginInfo['password'] will give the token in the request. To authenticate the user you have to set the
Authenticated parameter to true

return array("Authenticated"=>'true');
catch (Exception $e)
throw new SoapFault("1", $e->getMessage());


If Authenticate is set to true, user become authenticated and can see the home page for logged-in users of

for more details please visit the article by my friend Rajeev:

Install Symfony1.1 in Windows with WAMP

Install Symfony1.1 in Windows with WAMP

Part 1 - Installing WAMP

WAMP is a self-installing, all-in-the-box package with Apach, MySQL and PHP 5.

1.Download WampServer2.0c.exe from if local copy is not there.
2.Double click WampServer2.0c.exe.
3.Symfony needs PHP-XSL and Apache URL Rewrite Module to function normally.

a. To activate the Rewrite module - left click on WAMP’s tray icon and then in
Apache >> Apache Modules menu select rewrite_module
(Server will automatically reboot)
b. To enable XSL for php - left click on WAMP’s tray icon and then in
PHP >> PHP Extension menu look for php_xsl and click it.
Open C:\wamp\bin\php\php5.2.6\php.ini and remove “;” from the line:
c. Save and close the file.

4.Add environment variables to have access to PHP & MySQL under the command line.
Right-click on My Computer, then Properties. Switch to Advanced tab and click the Environment Variables button. At the end of variable PATH let’s add; C:\wamp\bin\php\php5.2.6; C:\wamp\bin\mysql\mysql5.0.51b\bin (paths to MySQL and PHP files separated by a semicolon)

Part 2 - PEAR Install

PEAR (PHP Extension and Application Repository) is a PHP extension distribution system.
In the WAMP’s PHP directory (ie. C:\wamp\bin\php\php5.2.5\) run the go-pear. bat file. Follow the installation steps and answer the questions, the default config should be fine, so you can answer:
[Enter] (default value) - if we want PEAR installed system wide.
[Enter] - If we don’t want to change the directory structure.
Y - We allow PEAR to modify our php.ini.
And [Enter] twice to finish.
Inside the PHP directory the installer created a PEAR_ENV.reg file, which after double-clicking will add all the PEAR variables to the registry - no need to do it by hand. Also add the path C:\wamp\bin\php\php5.2.5\ to environmental variable similar to the one mentioned above.

Part 3 - Installing Symfony
Open the command line and write:
> pear channel-discover

If everything goes well, the following lines get displayed on the console:

Adding Channel “” succeeded
Discovery of channel “” succeeded

Execute the following command in the console
> pear install symfony/symfony-1.1.6

Part 4 - Create Symfony project

Execute the following from command line;

> cd C:\wamp\www
> mkdir myproject
> cd myproject
> symfony init-project myproject
> symfony init-app testapp
> symfony init-module testapp firstpage

The work can be seen at http://localhost/myproject/web/

Part 5 – Configuring Apache for the project

1.Open httpd.conf in the folder C:\wamp\bin\apache\apache2.2.8\conf
You can see Listen 80 statement. Include Listen 81 below that. (You are going to host the application in port 81)
2.Remove # from the line,
# Include conf/extra/httpd-vhosts.conf
3.Save and close the file.
4.Open httpd-vhosts.conf in the folder C:\wamp\bin\apache\apache2.2.8\conf\extra
5.Add new virtual host for your application.
6.Save and close the file.
7.Restart Apache : left click on WAMP’s tray icon and then in
Apache >> Service >> Restart Service

8.Take a browser and type http://localhost:81/ in the address bar.
You can see a page similar to the one given below:

[This article was created by my friend Rajeev Gopinath. Also thanks to Anoop Philip...]

BITSONTHERUN - Hassle-free video hosting

Bits on the Run is a clear and powerful system for converting, managing and streaming video on your site.

These features highlight why Bits on the Run is a full-fledged yet easy to work with videohosting solution. Find out why we are easier to set up, more flexible, cheaper and better to integrate than competing products.
  • High-Quality Video

  • Custom Video Players

  • Flexible Playlists

  • Hands-on support

  • Easy Workflow

  • Extensive API

  • Effective Advertising

  • Clear Pricing