This documentation is for WSO2 App Manager 1.0.0. View documentation for the latest release.
Outbound Provisioning for External Apps - App Manager 1.0.0 - WSO2 Documentation
||
Skip to end of metadata
Go to start of metadata

The WSO2 App Manager facilitates outbound provisioning (by skipping the creation of the proxy Web app) to different external domains such as Salesforce, Google, Facebook, etc. Following sections describe how you can implement outbound provisioning to Salesforce using WSO2 App Manager.

Configuring Salesforce

Follow the steps below to configure Salesforce for outbound provisioning with WSO2 AppM.

Signing-up as a Salesforce developer

Follow the steps below to sign-up as a Salesforce developer.

  1. Access the following sign-up URL using your Web browser: https://developer.salesforce.com/signup
  2. Enter the details as shown below, to get a free development environment by signing-up.
    sign-up form to get a free development environment in Salesforce
  3. Click Sign me upYou receive a confirmation email. 

  4. Click the confirmation link in the email to confirm your account creation.

  5. Fill out a password and a security question for your account as shown below.

    changing the password in Salesforce

  6. Click Save .

  7. Access the following URL using your Web browser: https://developer.salesforce.com/
  8. Click the  Login button in the top right upper corner of the screen.

  9. Log in with your new credentials as a Salesforce developer as shown below.

    log in as a developer in Salesforce

  10. Click Allow for Salesforce to access your basic information in the below screen.

    allow Salesforce to access your basic info

Creating a developer domain

Follow the steps below to create a developer domain.

  1. Access the following URL using your Web browser:  https://ap2.salesforce.com/setup/forcecomHomepage.apexp
  2. Click Administer in the left navigation menu, and then click My Domain under Domain Management.
  3. Enter a unique domain name in the below screen. (For example: petergappm). Click Check Availability , to check its availability.
    enter details of the domain
  4. Check I agree to the Terms and Conditions , and t hen click Register Domain Your domain is ready to use, once you receive a confirmation email after the DNS registration is completed for it.
  5. Click Administer in the left navigation menu, and then click My Domain under Domain Management. You view the below screen.
    newly created domain
  6. Click Click here to login . It redirects you to your domain.

  7. Click Deploy to users . Click  OK in the pop-up confirmation alert as shown below .

    confirmation alert on deploying the domain

Enabling single sign-on

Follow the steps below to enable single sign-on in Salesforce.

  1. Log in to your domain using its URL and credentials (E.g. https://petergappm-dev-ed.my.salesforce.com) 
  2. Click  Administer in the left navigation menu, and then click  Single Sign-On Settings under Security ControlsYou view the below screen.
    enabling single sign-on settings in your domain
  3. Click Edit, check SAML Enabled, and then  click Save .
  4. Click New  in SAML Single Sign-On Settings section.
  5. Enter the following configurations as shown below.

    single sign-on settings

  6. Click Chose File, and upload the Identity Provider Certificate.

    Navigate to the <AppM_HOME>/repository/resources/security/ directory, and execute the following command in the CLI to create an IDP certificate: keytool -export -keystore wso2carbon.jks -alias wso2carbon -file wso2.crt -­storepass wso2carbon

  7. Click Save.

    The Salesforce Login URL in the Endpoints section should be similar to https://petergappm-dev-ed.my.salesforce.com?so=00D28000000UBRU.

  8. Click Administer in the left navigation menu, and then click My Domain under Domain Management. You view the below screen.

    authentication configuration details

  9. Click Edit in the Authentication Configuration section.

  10. Check AppMSSO in Authentication Service as shown below, and click Save.
    authentication service

Configuring WSO2 App Manager

 You use an email address to log in to Salesforce. Therefore, to integrate this email address with the Identity Server, you need to configure WSO2 App Manager to enable you to log in to it using it. Follow the steps below to configure WSO2 AppM by enabling the email login in it for outbound provisioning for Salesforce.

Configuring the carbon.xml file

Uncomment the following configuration in the <AppM_HOME>/repository/conf/carbon.xml file, to enable email authentication: <EnableEmailUserName>true</EnableEmailUserName> 

Configuring the user-mgt.xml file

Do the following configurations in the <AppM_HOME>/repository/conf/user-mgt.xml file.

  1. Enter the email attribute of the admin user as the value of the <UserName> property, within the <AdminUser> element of the <realm> configurations as shown below.  

    <UserManager>
        <Realm>
            <Configuration>
    		<AddAdmin>true</AddAdmin>
                    <AdminRole>admin</AdminRole>
                    <AdminUser>
                         <UserName>admin</UserName>
                         <Password>admin</Password>
                    </AdminUser>
            </Configuration>
     	</Realm>
    </UserManager> 

    Regardless of the user store manager being used (LDAP, Active Directory or JDBC-based), do the following configurations to the respective user store manager.

  2. Change the value of the <IsEmailUserName> property to true, to enable it as follows: <Property name="IsEmailUserName">true</Property>
  3. Set the value of the <UsernameWithEmailJavaScriptRegEx> property as follows: <Property name="UsernameWithEmailJavaScriptRegEx">^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$</Property>

Configuring the app-manager.xml file

 Enter the email address of the admin user as the value of the <Username> property in all the following configurations in the <AppM_HOME>/repository/conf/app-manager.xml file as shown in the example below. 

<Username>admin@wso2.com</Username>
  • <AuthManager> 
  • <APIGateway> (In all <Environment> types)
  • <APIKeyManager>
  • <SSOConfiguration> (In every <Configurator>)
  • <EntitlementServiceConfiguration>
  • No labels