I personally have not used the SAML 2.0 token provider, but the official description says that ACS supports SAML 2.0 tokens. The list of supported protocols is OAuth 2.0, WS-Trust and WS-Federation (as indicated in the official announcement).
In addition, there is currently an automated (with user interface) way of adding identity providers that are not defined in ACS. However, you can use ACS cmdlets to manually add IP addresses that support the protocol. Here is a blog post by Vittorio that shows how to add an OpenID provider.
If you can configure SalesForce as an IdP using SAML 2.0 tokens, you just need to define the protocol - this is OAuth, this is WS-Trust WS-Federation and run a PowerShell command that will look something like this:
PS:\>Add-IdentityProvider -Namespace "myacsnamespace" -ManagementKey "XXXXXXXX" -Type "Manual" -Name "SalesForce" -Protocol OAuth -SignInAddress "http://www.your_salesforce_site.com/sign-in-url"
The list of supported protocols for this command: WsFederation, OAuth, OpenId, WsTrust. Therefore, the SalesForce IdP configuration should use some of these protocols with SAML 2.0 tokens, and it should work. I think this is OAuth, like this wiki.
Hope this helps!
astaykov