...
- Sign up as a Salesforce developer.
- Fill out the relevant information found in the following URL: https://developer.salesforce.com/signup
- Click Sign me up.
- You will receive a security token by email to confirm your new account. If you did not receive the email successfully, you will be able to reset it by following the steps given here.
- Log in with your new credentials as a Salesforce developer. Do this by clicking the Login link in the top right-hand corner of https://developer.salesforce.com/.
- Click Allow to enable Salesforce to access your basic information.
- Once you are logged in, add a connected app. See the following steps for instructions on how to do this. Also see here for more detailed information.
- In the Administer section of the left navigation menu, click Apps under Create.
- In the window that appears, click New under Connected Apps.
- Fill in the form that appears with the relevant details. The following items in the form need special consideration.

| Form Label | Description |
|---|---|
| Connected App Name | The name of the connected app. |
| API Name | The API name matches the name of the connected app. This defaults to a version of the name without spaces. Only letters, numbers, and underscores are allowed, so you must edit the default name if the original app name contains any other characters. |
| Contact Email | The email address used by the connected app. |
| Enable OAuth Settings | Make sure this checkbox is selected to enable OAuth settings; otherwise your configurations will not work. |
| Callback URL | The Callback URL is used for redirection. This is typically the URL that a user's browser is redirected to after successful authentication. Use the following value here as an example: https://login.salesforce.com/services/oauth2/token |
| Selected OAuth Scopes | Choose Full access (full) from the Available OAuth Scopes and click the button under Add. This gives the necessary permissions when accessing this app. |

- Click Save to add the connected app.
- The resulting screen displays key information that you will need to configure the Identity Server with Salesforce. Make a note of the following details, as you will need them in upcoming configurations.
  - Consumer Key
  - Consumer Secret (click the Click to reveal link to view the consumer secret)
  - Callback URL
- Add your connected app to the profile you are going to use to assign . This is necessary because this profile is used when you add users to Salesforce from the Identity Server. A list of existing profiles can be viewed in the Profiles section under Manage Users. As an example, if you use the "Chatter Free User" profile, click Edit and select the checkbox for the connected app you created to configure with the Identity Server.
- Click Save. Make a note of the profile ID (or address URL) of the Chatter Free User profile. This should be: https://ap1.salesforce.com/00e90000001aV2o
- Get the public certificate for Salesforce. Do the following in order to achieve this.
- Click Setup at the top of the screen.
- In the left navigation pane, click Certificate and Key Management under Security Controls.
- Click Create Self-Signed Certificate.
- Enter the Label and a Unique Name and click Save. The certificate is generated.
- Click the Download Certificate button to download the certificate.
...
- Start the WSO2 Identity Server if it is not started up already and log in using the email you configured in the realm as instructed in the Email Authentication topic.
- On the management console, click Add under Identity Providers.
- In the form that appears, provide a name for your identity provider by filling in the Identity Provider Name. You can use "Salesforce.com" as an example, but this can be any name you choose. See Adding an Identity Provider for information on registering and configuring an identity provider.
- Upload the Salesforce public certificate that you generated and saved in step 7 under Configuring Salesforce. Do this by clicking the Choose File button next to Identity Provider Public Certificate.
- Expand the Claim Configuration section of the form, followed by the Basic Claim Configuration section, and select Define Custom Claim Dialect. Click Add Claim Mapping and add the following claims.

| Identity Provider Claim URI | Local Claim URI |
|---|---|
| Alias | http://wso2.org/claims/givenname |
| Email | http://wso2.org/claims/emailaddress |
| EmailEncodingKey | http://wso2.org/claims/otherphone |
| LanguageLocaleKey | http://wso2.org/claims/dob |
| LastName | http://wso2.org/claims/lastname |
| LocaleSidKey | http://wso2.org/claims/primaryChallengeQuestion |
| ProfileId | http://wso2.org/claims/role |
| TimeZoneSidKey | http://wso2.org/claims/challengeQuestion1 |
| UserPermissionsCallCenterAutoLogin | http://wso2.org/claims/telephone |
| UserPermissionsMarketingUser | http://wso2.org/claims/mobile |
| UserPermissionsOfflineUser | http://wso2.org/claims/country |
| Username | http://wso2.org/claims/emailaddress |

- Expand the Advanced Claim Configuration section.
- Select the Claim URI you added from the Provisioning Claim Filter dropdown and click Add Claim. For each Claim URI, enter a default value as shown in the following sample image.

Tip: The ProfileId value refers to the ID of the profile you created in Salesforce (step 6 of Configuring Salesforce). If it is the Chatter Free User profile you created, navigate to the profile in Salesforce to find the profile ID. You can do this by clicking Profiles under Manage Users in Salesforce and clicking Chatter Free User. You can get the profile ID from the URL. For example, 00e90000001aV2o is the ProfileId for https://identityprovisioning-dev-ed.my.salesforce.com/00e90000001aV2o.

- Expand the Outbound Provisioning Connectors section followed by the Salesforce Provisioning Configuration section.
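The following is an added example (not code from the WSO2 or Salesforce documentation) showing what the claim mapping and the provisioning defaults above amount to: it applies the mapping table to a local user held by the Identity Server, fills in the defaults you would type into the Provisioning Claim Filter, and checks that every field Salesforce needs to create a User is present. The local user, the default values and the set of required Salesforce fields are assumptions constructed for the example; the ProfileId is the one quoted in the tip.

```python
"""Added example: apply the Identity Provider -> local claim mapping and the
provisioning defaults to one local user, producing the Salesforce User fields.
Not part of the WSO2 Identity Server or Salesforce documentation."""

# Identity Provider Claim URI -> Local Claim URI, exactly as in the table above.
CLAIM_MAPPING = {
    "Alias": "http://wso2.org/claims/givenname",
    "Email": "http://wso2.org/claims/emailaddress",
    "EmailEncodingKey": "http://wso2.org/claims/otherphone",
    "LanguageLocaleKey": "http://wso2.org/claims/dob",
    "LastName": "http://wso2.org/claims/lastname",
    "LocaleSidKey": "http://wso2.org/claims/primaryChallengeQuestion",
    "ProfileId": "http://wso2.org/claims/role",
    "TimeZoneSidKey": "http://wso2.org/claims/challengeQuestion1",
    "UserPermissionsCallCenterAutoLogin": "http://wso2.org/claims/telephone",
    "UserPermissionsMarketingUser": "http://wso2.org/claims/mobile",
    "UserPermissionsOfflineUser": "http://wso2.org/claims/country",
    "Username": "http://wso2.org/claims/emailaddress",
}

# Fields Salesforce requires to create a User record. Assumption: this is the
# required set as I know it; verify it against your org's API version.
REQUIRED_FIELDS = {"Username", "Email", "LastName", "Alias", "ProfileId",
                   "TimeZoneSidKey", "LocaleSidKey", "EmailEncodingKey",
                   "LanguageLocaleKey"}

# Constructed sample of the default values entered under the Provisioning
# Claim Filter, keyed by local claim URI. The ProfileId is the one in the tip.
SAMPLE_DEFAULTS = {
    "http://wso2.org/claims/otherphone": "UTF-8",                # EmailEncodingKey
    "http://wso2.org/claims/dob": "en_US",                       # LanguageLocaleKey
    "http://wso2.org/claims/primaryChallengeQuestion": "en_US",  # LocaleSidKey
    "http://wso2.org/claims/role": "00e90000001aV2o",            # ProfileId
    "http://wso2.org/claims/challengeQuestion1": "America/Los_Angeles",  # TimeZoneSidKey
    "http://wso2.org/claims/telephone": "false",                 # CallCenterAutoLogin
    "http://wso2.org/claims/mobile": "false",                    # MarketingUser
    "http://wso2.org/claims/country": "false",                   # OfflineUser
}


def build_salesforce_user(local_claims, defaults):
    """Return the Salesforce User payload for one local user.

    A value present on the local user wins; otherwise the provisioning
    default is used; a mapped claim with neither is left out of the payload.
    """
    payload = {}
    for sf_field, local_uri in CLAIM_MAPPING.items():
        value = local_claims.get(local_uri, defaults.get(local_uri))
        if value is not None and value != "":
            payload[sf_field] = value
    return payload


def missing_required_fields(payload):
    """Sorted names of required Salesforce fields absent from the payload."""
    return sorted(REQUIRED_FIELDS - set(payload))


if __name__ == "__main__":
    # Constructed local user, as the Identity Server would hold it.
    alice = {
        "http://wso2.org/claims/givenname": "alice",
        "http://wso2.org/claims/lastname": "Example",
        "http://wso2.org/claims/emailaddress": "alice@example.com",
    }
    user = build_salesforce_user(alice, SAMPLE_DEFAULTS)
    print(user)
    print("missing:", missing_required_fields(user))
```

Note that both Username and Email map to the same local claim, so every provisioned user's Salesforce username is their email address; Salesforce requires usernames to be in email format and unique across all orgs, so a duplicate email on the Identity Server side will make the provisioning request fail.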
- Do the following configurations for Salesforce provisioning.
- Select Enable Connector to enable the Salesforce connector.
- Enter the API version. This is the version of the API you are using in Salesforce. To obtain this, log into https://developer.salesforce.com/ and click Setup. On the left navigation pane, click API under Develop. Generate one of the APIs listed there to check the version. Enter it in the following format: v32.0.
- Enter the Domain. If you do not have a Salesforce domain, you can create a domain by logging into https://developer.salesforce.com/ and clicking Setup. On the left navigation pane, click My Domain under Domain Management. Make sure you enter the domain with an HTTPS prefix so that it resembles a URL. For example, https://identityprovisioning-dev-ed.my.salesforce.com.
- Enter the Client ID. This is the Consumer Key obtained in step 5 when configuring Salesforce.
- Enter the Client Secret. This is the Consumer Secret obtained in step 5 when configuring Salesforce.
- Enter the Username. This is the Salesforce username.
- Enter the Password. This is the Salesforce password and must be entered along with the security token. So you would enter this in the following format: <password><security_token>
- Click Register.
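The following is an added example (not part of the WSO2 documentation) that checks the Salesforce connector settings entered above for the mistakes that are easy to make in this form (API version not in the v32.0 format, domain without the https:// prefix, empty fields) and shows the token request the connector sends with them. It assumes the connector uses the OAuth 2.0 username-password grant against `<Domain>/services/oauth2/token`, with the password and security token concatenated exactly as the Password field above describes; the settings values are constructed placeholders.

```python
"""Added example: validate the Salesforce Provisioning Configuration values
and build the username-password token request they produce.  Not part of the
WSO2 Identity Server documentation; the grant type used by the connector is
an assumption."""
import re
from urllib.parse import urlencode

# The API version must be entered as v<major>.<minor>, e.g. v32.0 (see above).
API_VERSION_RE = re.compile(r"^v\d+\.\d+$")


def validate_connector_settings(s):
    """Return a list of human-readable problems; an empty list means OK."""
    problems = []
    if not API_VERSION_RE.match(s.get("api_version", "")):
        problems.append("API version must look like v32.0")
    domain = s.get("domain", "")
    if not domain.startswith("https://"):
        problems.append("Domain must be a URL with an https:// prefix")
    if domain.endswith("/"):
        problems.append("Domain should not end with a trailing slash")
    for key in ("client_id", "client_secret", "username", "password", "security_token"):
        if not s.get(key):
            problems.append(f"{key} is empty")
    return problems


def build_token_request(s):
    """Return (url, form_body) for the OAuth 2.0 username-password grant."""
    url = s["domain"] + "/services/oauth2/token"
    body = {
        "grant_type": "password",
        "client_id": s["client_id"],          # Consumer Key
        "client_secret": s["client_secret"],  # Consumer Secret
        "username": s["username"],
        # Password and security token are concatenated with no separator,
        # i.e. <password><security_token>.
        "password": s["password"] + s["security_token"],
    }
    return url, body


def api_base(s):
    """REST base URL for the configured API version, e.g. .../data/v32.0."""
    return f"{s['domain']}/services/data/{s['api_version']}"


# Constructed settings; secrets are placeholders, not real credentials.
SAMPLE_SETTINGS = {
    "api_version": "v32.0",
    "domain": "https://identityprovisioning-dev-ed.my.salesforce.com",
    "client_id": "CONSUMER_KEY_PLACEHOLDER",
    "client_secret": "CONSUMER_SECRET_PLACEHOLDER",
    "username": "admin@example.com",
    "password": "Pa55word",
    "security_token": "TOKEN_PLACEHOLDER",
}

if __name__ == "__main__":
    print("problems:", validate_connector_settings(SAMPLE_SETTINGS))
    url, body = build_token_request(SAMPLE_SETTINGS)
    print(url)
    # This body carries the consumer secret and the password: keep it out of logs.
    print(urlencode(body))
    print(api_base(SAMPLE_SETTINGS))
```

The validation mirrors the form's own rules (the https:// prefix on the domain, the vNN.N version format) so that a mistyped value is caught before the connector first tries to authenticate; the token request is built but not sent, since the Identity Server performs that exchange itself when it provisions a user.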
...