It is important to test the security of Single Sign-On implemented. Since it doesn’t require username and password, it may expose sensitive data to the attacker. Single sign on issues arise for developers integrating with Force.com when either the API Partner Server URL is not validated or SSL is not used when a non-native application … Continue reading Single Sign On Security in Salesforce