Following are the steps I am doing:
- Get the Salesforce Session ID through SAML Handshake using SAML attributes
- Trigger REST API using that session ID
```
curl https://my-communities.force.com/services/data/v20.0/query/soql_query_here -H "Authorization: Bearer SessionIDHere"
```
The curl call to the API responds with an error:
```
[{"message":"This session is not valid for use with the REST API","errorCode":"INVALID_SESSION_ID"}]
```
Note:
- The issue is specific to Community users
- The issue started happening after 30th Nov 2017
- This has nothing to do with OAuth flow
I am not sure whether anything has changed in the settings or on the Salesforce release side. Any help with this?
Best Answer
You need to make a small change to the SAML custom attribute.
Modify the $API.Session_Id attribute to $User.EmptyFormula__c & $Api.Session_ID where $User.EmptyFormula__c is a formula field on user with value
When this is the case we first evaluate $User.EmptyFormula__c and set Entity Id.
*$User.EmptyFormula__c can be any formula, just so long as it's evaluated before $Api.Session_ID.
detailed here
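
One way to check the fix end to end, as an added example that is not part of the original question or answer: it pulls the session attribute out of a base64 SAML response, builds the REST query request from the question, and separates this page's error from other `INVALID_SESSION_ID` responses. The attribute name `sessionId`, the sample assertion, the function names and the diagnosis labels are assumptions constructed for illustration.

```python
import base64, json, urllib.parse, urllib.request
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample response; "sessionId" is a hypothetical attribute name
# and the value is a placeholder, not a real session ID.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    '<saml:AttributeStatement><saml:Attribute Name="sessionId">'
    '<saml:AttributeValue>00D000000000000!CONSTRUCTED</saml:AttributeValue>'
    '</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode())

def extract_attribute(saml_response_b64, name):
    """Return the first value of the named SAML attribute, or None if absent."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") == name:
            value = attr.find("saml:AttributeValue", SAML_NS)
            return (value.text or "").strip() if value is not None else None
    return None

def build_query_request(base_url, session_id, soql):
    """Build (without sending) the REST query request with the session as bearer token."""
    url = f"{base_url}/services/data/v20.0/query/?q={urllib.parse.quote(soql)}"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {session_id}"})

def classify(body):
    """Map a REST response body to a short diagnosis string."""
    try:
        data = json.loads(body)
    except ValueError:
        return "unparseable"
    if not isinstance(data, list):      # successful queries return a JSON object
        return "ok"
    for err in data:                    # errors come back as a JSON array
        if isinstance(err, dict) and err.get("errorCode") == "INVALID_SESSION_ID":
            if "not valid for use with the REST API" in (err.get("message") or ""):
                return "session-not-api-enabled"   # the case in this question
            return "session-invalid-or-expired"
    return "other-error"

if __name__ == "__main__":
    sid = extract_attribute(SAMPLE_B64, "sessionId")
    print(build_query_request("https://my-communities.force.com", sid, "SELECT Id FROM User").full_url)
```

To run it against a live org, pass the request to `urllib.request.urlopen` and give `classify` the response body; treat the extracted session ID as a credential and keep it out of logs.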