The official description SAML 2.0 says that ACS supports SAML 2.0 tokens. A list of supported protocol is OAuth 2.0, WS-Trust, and WS-Federation as given in the official statement.
Also, there is currently no automated way to add identity providers that are out of predefined in the ACS. You can, however, use the ACS cmdlets to manually add IPs that have a supported protocol.
If you configure the SalesFores as IdP with the use of SAML 2.0 tokens, you just need to identify the protocol and execute a PowerShell command which would look something like this:
PS:\>Add-IdentityProvider –Namespace "myacsnamespace" –ManagementKey "XXXXXXXX" -Type "Manual" -Name "SalesForce" -Protocol OAuth –SignInAddress "http://www.your_salesforce_site.com/sign-in-url"
The list of supported protocols for this command are:
OAuth,
WsFederation,
WsTrust,
OpenId.
So the SalesForce IdP configuration must use any of those protocols with SAML 2.0 tokens and it should work.
I hope this helps!
Back