SAML authentication using salesforce.com

In our web application I want Identity provider (IdP) which authenticate users using salesforce.com.

I have done with Single Sign-On Settings at salesfo开发者_如何学Gorce.com.

After these setting salesforce provide a metadata file.

Please tell me:

• Is there any other setting I need to make at salesforce.com?
• What to do next in my java code to authenticate user?

If you have Salesforce.com acting as a SAML Service Provider, then you will need to send SAML Assertions from your IdP to Salesforce.com to authenticate users. These are basically signed XML blobs that get passed around in an HTTP Redirect or HTTP POST to authenticate users.

From the Salesforce.com configuration side it's quite simple. Here is a sample of what is required on that side to configure with the OpenSSO solution: https://indirat.wordpress.com/salesforce/

What you enter in that configuration, largely depends on what your IdP can do. For example, what version of SAML, what & where the user identifier is in the SAML assertion, and the public verification certificate that matches the key used by your IdP to digital sign assertions.

How you handle this in "your java code" is a huge question with many answers. You should be using a proven SAML solution as your IdP, rather than trying to implement the SAML specification yourself. There are several open source libraries such as OpenSAML that work nicely in a Java context, but will require significant effort to integrate. Commercial solutions such as those offered by SSO & federation solution vendors (like Ping Identity) make things considerably easier if you have a budget.