[SalesForce] Auth Provider + Communities

I'm trying to sign into a community via an Auth Provider from an external org.
I've set up the Auth Provider in my organization and in my community too. Following the documentation (using the community URL parameter),
my URL looks like this:
https://login.salesforce.com/services/auth/sso/orgId/MyCommunity?community=https://mycommunity.com/

However, this is what is happening at the moment:

  1. If I use the URL without the community parameter everything is OK: https://login.salesforce.com/services/auth/sso/orgId/MyCommunity ->
     The new users are created and updated.

  2. However, if I try to log in again using the same https://login.salesforce.com/services/auth/sso/orgId/MyCommunity, same browser but a different tab, I get the error: "Cannot sign on into same org"

  3. If I use the URL with the community parameter it never works: https://login.salesforce.com/services/auth/sso/orgId/MyCommunity?community=https://mycommunity.com/
     -> CASE 1: If I log in using a new user that is not in the community org, what I expect is that the handler works in the same way as without the community parameter and creates the new User.
     However, it doesn't happen and the error is: "User was an internal user for the community"
     -> CASE 2: If the user exists in the community org the error is: "Cannot sign on into same org"

In summary, if I use the community parameter I'm never able to log in / sign in. If I use the URL without the community parameter I'm able to create and update new users, so I'm able to log into the org that has the community using another org's credentials.

Here there are some links that I used:

The self registration controller and page for the community are implemented and working.

Step by Step scenarios:

Org A, client, the connected app is here, has 1 user:
u1@sf.com

Org B, community org, has 1 user:
Admin@sf.com
This org doesn't have knowledge of u1@sf.com
This org contains the self registration controller and page. Working.

Things that I tried already:

**Case 1:**

Step 1: log into client org as u1@sf.com
Step 2: use the Community url https://mycommunity.com/
Step 3: Click in Login with Salesforce button
Step 4: Click Allow button
Error:
User+was+an+internal+user+for+the+community&startURL=%2F

**Case 2**

Step 1: Log into client org using u1@sf.com
Step 2: Use the url : https://login.salesforce.com/services/auth/sso/orgId/MyCommunity?community=https://mycommunity.com/
Error:
Same error as before: User+was+an+internal+user+for+the+community

**Case 3**

Step 1: log into client org using u1@sf.com
Step 2: https://login.salesforce.com/services/auth/sso/orgId/MyCommunity
Success: The user is now in the community org, however not in the Community view. A new User is created in Org B for u1@sf.com; it is created by the RegHandler (this class implements Auth.RegistrationHandler).
Therefore I now have a new user in the community org, B, that is called u1@mycommunity.com.
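Case 3 above is the point where the registration handler decides whether the provisioned user is internal or external: a community user must be created under a Contact with a community profile, and a login that did not come through the community carries no portalId. The following is an added illustration of such a handler, not the asker's RegHandler; it assumes an Account named "Community Self-Reg Account" and a profile named "Customer Community User" exist in the community org, and builds usernames under an example domain.

```apex
// Added example handler for a community Auth Provider (not the original poster's RegHandler).
// Assumptions: the Account and Profile names below exist in the community org.
global class CommunityRegHandler implements Auth.RegistrationHandler {

    private static final String COMMUNITY_PROFILE = 'Customer Community User';   // assumed profile
    private static final String SELF_REG_ACCOUNT  = 'Community Self-Reg Account'; // assumed account
    private static final String USERNAME_DOMAIN   = 'mycommunity.example';        // assumed domain

    public class RegistrationException extends Exception {}

    // Called on the first login for an external identity (no ThirdPartyAccountLink yet).
    global User createUser(Id portalId, Auth.UserData data) {
        // An internal-org login (no community in the URL) has no portalId:
        // refuse to provision anything in that case so only community users are created.
        if (portalId == null) {
            throw new RegistrationException('Self-registration is only allowed through the community');
        }
        if (String.isBlank(data.email)) {
            throw new RegistrationException('Identity provider did not return an email address');
        }

        Profile communityProfile = [SELECT Id FROM Profile WHERE Name = :COMMUNITY_PROFILE LIMIT 1];
        Account selfRegAccount   = [SELECT Id FROM Account WHERE Name = :SELF_REG_ACCOUNT LIMIT 1];

        // A community user is external only when it is tied to a Contact under an Account.
        Contact c = new Contact(
            AccountId = selfRegAccount.Id,
            FirstName = data.firstName,
            LastName  = String.isBlank(data.lastName) ? 'Unknown' : data.lastName,
            Email     = data.email
        );
        insert c;

        User u = new User();
        u.Username          = buildUsername(data);
        u.Email             = data.email;
        u.FirstName         = data.firstName;
        u.LastName          = c.LastName;
        u.Alias             = data.email.substringBefore('@').left(8); // alias is limited to 8 chars
        u.ProfileId         = communityProfile.Id;   // never an internal profile from this handler
        u.ContactId         = c.Id;
        u.LanguageLocaleKey = 'en_US';
        u.LocaleSidKey      = 'en_US';
        u.EmailEncodingKey  = 'UTF-8';
        u.TimeZoneSidKey    = 'America/Los_Angeles';
        // The platform inserts the user and links it to the external identity.
        return u;
    }

    // Called on every later login for an already linked identity.
    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
        // Only sync attributes the identity provider owns; profile and contact are never changed here.
        User u = new User(Id = userId);
        if (!String.isBlank(data.email))     { u.Email     = data.email; }
        if (!String.isBlank(data.firstName)) { u.FirstName = data.firstName; }
        if (!String.isBlank(data.lastName))  { u.LastName  = data.lastName; }
        update u;
    }

    // Usernames are unique across all of Salesforce, so derive one from the provider's
    // stable identifier rather than from the email the user controls.
    private static String buildUsername(Auth.UserData data) {
        String base = data.identifier.replaceAll('[^a-zA-Z0-9]', '');
        return base + '.' + data.provider.toLowerCase() + '@' + USERNAME_DOMAIN;
    }
}
```

The two checks worth keeping in any handler are the portalId guard, which stops the external-org login path from creating users when the community parameter is missing, and the fixed community profile, which prevents an identity provider response from ever yielding an internal user.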

Best Answer

What it looks like you're attempting to do is log in to a community via Salesforce SSO and Auth Providers using credentials from that same org, and this is not allowed. The Salesforce instance that serves as your identity provider must be a different org than the one hosting your community. Attempting to sign in to the community using credentials from the org hosting the community would lead to the error "Cannot sign into the same org".

Does your login page need to be able to support internal and external users, or just internal users? You can create a custom login page and login method for internal users, but the URL and endpoint looks a little different:

https://mydomain.my.salesforce.com//servlet/networks/session/create?site=[SITE ID]&url=[START URL]