The WSO2 App Manager facilitates outbound provisioning (by skipping the creation of the proxy Web app) to different external domains such as Salesforce, Google, Facebook, etc. Following sections describe how you can implement outbound provisioning to Salesforce using WSO2 App Manager.
Follow the steps below to configure Salesforce for outbound provisioning with WSO2 AppM.
Signing-up as a Salesforce developer
Follow the steps below to sign-up as a Salesforce developer.
- Access the following sign-up URL using your Web browser: https://developer.salesforce.com/signup
- Enter the details as shown below, to get a free development environment by signing-up.
Click Sign me up. You receive a confirmation email.
Click the confirmation link in the email to confirm your account creation.
Fill out a password and a security question for your account as shown below.
Click Save .
- Access the following URL using your Web browser: https://developer.salesforce.com/
Click the Login button in the top right upper corner of the screen.
Log in with your new credentials as a Salesforce developer as shown below.
Click Allow for Salesforce to access your basic information in the below screen.
Creating a developer domain
Follow the steps below to create a developer domain.
- Access the following URL using your Web browser: https://ap2.salesforce.com/setup/forcecomHomepage.apexp
- Click Administer in the left navigation menu, and then click My Domain under Domain Management.
- Enter a unique domain name in the below screen. (For example: petergappm). Click Check Availability , to check its availability.
- Check I agree to the Terms and Conditions , and t hen click Register Domain . Your domain is ready to use, once you receive a confirmation email after the DNS registration is completed for it.
- Click Administer in the left navigation menu, and then click My Domain under Domain Management. You view the below screen.
Click Click here to login . It redirects you to your domain.
Click Deploy to users . Click OK in the pop-up confirmation alert as shown below .
Enabling single sign-on
Follow the steps below to enable single sign-on in Salesforce.
- Log in to your domain using its URL and credentials (E.g. https://petergappm-dev-ed.my.salesforce.com)
- Click Administer in the left navigation menu, and then click Single Sign-On Settings under Security Controls. You view the below screen.
- Click Edit, check SAML Enabled, and then click Save .
- Click New in SAML Single Sign-On Settings section.
Enter the following configurations as shown below.
- Issuer: localhost
- Entity Id: https://saml.salesforce.com
- Identity Provider Login URL: https://localhost:9443/samlsso
- Identity Provider Logout URL: https://localhost:9443/samlsso
Click Chose File, and upload the Identity Provider Certificate.
Navigate to the
<AppM_HOME>/repository/resources/security/directory, and execute the following command in the CLI to create an IDP certificate:
keytool -export -keystore wso2carbon.jks -alias wso2carbon -file wso2.crt -storepass wso2carbon
The Salesforce Login URL in the Endpoints section should be similar to https://petergappm-dev-ed.my.salesforce.com?so=00D28000000UBRU.
Click Administer in the left navigation menu, and then click My Domain under Domain Management. You view the below screen.
Click Edit in the Authentication Configuration section.
Check AppMSSO in Authentication Service as shown below, and click Save.
Configuring WSO2 App Manager
You use an email address to log in to Salesforce. Therefore, to integrate this email address with the Identity Server, you need to configure WSO2 App Manager to enable you to log in to it using it. Follow the steps below to configure WSO2 AppM by enabling the email login in it for outbound provisioning for Salesforce.
Configuring the carbon.xml file
Uncomment the following configuration in the
AppM_HOME>/repository/conf/carbon.xml file, to enable email authentication:
Configuring the user-mgt.xml file
Do the following configurations in the
Enter the email attribute of the admin user as the value of the
<UserName>property, within the
AdminUser>element of the
<realm>configurations as shown below.
<UserManager> <Realm> <Configuration> <AddAdmin>true</AddAdmin> <AdminRole>admin</AdminRole> <AdminUser> <UserName>admin</UserName> <Password>admin</Password> </AdminUser> </Configuration> </Realm> </UserManager>
Regardless of the user store manager being used (LDAP, Active Directory or JDBC-based), do the following configurations to the respective user store manager.
- Change the value of the
IsEmailUserName>property to true, to enable it as follows:
- Set the value of the
Configuring the app-manager.xml file
Enter the email address of the admin user as the value of the
Username> property in all the following configurations in the
AppM_HOME>/repository/conf/app-manager.xml file as shown in the example below.