...
- Start the WSO2 Identity Server if it is not started up already and log in using the email you configured in the realm as instructed above in step 3 of Configuring the Identity Server.
- On the Management Console, click on Add under Identity Providers.
- In the form that appears, provide a name for your identity provider by filling in the Identity Provider Name. You can use "Salesforce.com" as an example, but this can be any name you choose. See Configuring an Identity Provider for information on registering and configuring an identity provider.
Upload the Salesforce public certificate that you generated and saved in step 7 under Configuring Salesforce.
Do this by clicking the Choose File button next to Identity Provider Public Certificate.
Info: Why is the certificate needed? The Identity Provider's public certificate is used for SSL communication, to verify the signed data that comes from the Identity Provider and to send encrypted data to the Identity Provider.
Expand the Claim Configuration section of the form, followed by the Basic Claim Configuration section, and select Define Custom Claim Dialect.
Info: We are adding a claim map in order to provision the users' claim values to Salesforce when outbound provisioning users to Salesforce via WSO2 Identity Server. Here, the Identity Provider Claim URI is the claim URI in Salesforce, which maps to the local claim URI in WSO2 Identity Server. Read more about Claim Management.
For more information on configuring advanced claims, see Configuring Claims for an Identity Provider.
Click Add Claim Mapping and add the following claims.
Local claims in WSO2 IS are unique URIs. These are mapped to the attributes required by Salesforce to create a new profile. Therefore, in this step you are mapping the attributes required by Salesforce to a unique URI. Now, when creating a new profile/user, WSO2 IS sends these values to the correct attribute of Salesforce.

| Identity Provider Claim URI | Local Claim URI |
|---|---|
| Alias | http://wso2.org/claims/givenname |
| Email | http://wso2.org/claims/emailaddress |
| EmailEncodingKey | http://wso2.org/claims/otherphone |
| LanguageLocaleKey | http://wso2.org/claims/dob |
| LastName | http://wso2.org/claims/lastname |
| LocaleSidKey | http://wso2.org/claims/primaryChallengeQuestion |
| ProfileId | http://wso2.org/claims/role |
| TimeZoneSidKey | http://wso2.org/claims/challengeQuestion1 |
| UserPermissionsCallCenterAutoLogin | http://wso2.org/claims/telephone |
| UserPermissionsMarketingUser | http://wso2.org/claims/mobile |
| UserPermissionsOfflineUser | http://wso2.org/claims/country |
| Username | http://wso2.org/claims/emailaddress |

- Expand the Advanced Claim Configuration section.
- Select the Claim URI you added from the Provisioning Claim Filter dropdown and click Add Claim.
For each Claim URI, enter a default value as shown in the following table. The default values are used when creating the role in Salesforce.
For example, the alias, email, profile ID and all the values listed below are shown when a user is created.
These are sample values to help you better understand the claim URIs and their value types.

| Claim URI | Default Value |
|---|---|
| Alias | Samuel |
| Email | samuel@wso2.com |
| EmailEncodingKey | UTF-8 |
| LanguageLocaleKey | en_US |
| LastName | Gnaniah |
| LocaleSidKey | en_US |
| ProfileId | 00e90000001aV2o |
| TimeZoneSidKey | America/Los_Angeles |
| UserPermissionsCallCenterAutoLogin | false |
| UserPermissionsMarketingUser | false |
| UserPermissionsOfflineUser | false |
| Username | samuel@wso2.com |

ProfileId: The users that are added using WSO2 Identity Server are added to this profile in Salesforce. For more information on the context of profiles in Salesforce, see the Salesforce tutorial.
Tip: The ProfileId value refers to the ID of the profile you created in Salesforce (step 6 of Configuring Salesforce). If it is the Chatter Free User profile you created, navigate to the profile in Salesforce to find the profile ID. You can do this by clicking Profiles under Manage Users in Salesforce and clicking Chatter Free User.
Copy the URL and decode it using a URL decoder. You get an output similar to what is shown below:
https://wso2-is-sso-dev-ed.lightning.force.com/one/one.app#/setup/page?nodeId=EnhancedProfiles&address=/00e90000001aV2o?isdtp=p1&a:t=1509949702148
In this case 00e90000001aV2o is your profile ID. Similarly, enter your Profile ID.
- Expand the Outbound Provisioning Connectors section followed by the Salesforce Provisioning Configuration section.
- Do the following configurations for Salesforce provisioning. For more information on any of these fields, see Configuring Salesforce provisioning.
- Select Enable Connector to enable the Salesforce connector.
- Enter the API version. This is the version of the API you are using in Salesforce.
Follow the steps given below to get the API version:
- To obtain this, log into https://login.salesforce.com.
- Search for API in the Quick Find search box and click API.
- Generate any one of the WSDLs to check the version. You are navigated to a page with XML syntax.
- At the top, it mentions "Salesforce.com Enterprise Web Services API Version <VERSION>". For example: Salesforce.com Enterprise Web Services API Version 41.0
- Enter this value for the API version in the following format: v<VERSION_NUMBER>. For example: v41.0.
Enter the Domain. If you do not have a Salesforce domain, you need to create a domain by logging into https://login.salesforce.com.
More information on creating the domain on Salesforce:
- Search for My Domain using the Quick Find search box and click My Domain.
You see the domain as follows: Your domain name is <DOMAIN>-dev-ed.my.salesforce.com
- Make sure you enter the domain with an HTTPS prefix so that it resembles a URL: https://<DOMAIN>-dev-ed.my.salesforce.com.
Enter the Client ID. This is the Consumer Key obtained in step 5 when configuring Salesforce.
Did not save the details? Follow these steps to get them:
- Search for App Manager using the Quick Find search box and click App Manager.
- Click the expand button for your Connected App and click View.
- You are navigated to the page that has the Client ID and Client Secret of the app under API (Enable OAuth Settings).
- Enter the Client Secret. This is the Consumer Secret obtained in step 5 when configuring Salesforce.
- Enter the Username. This is the Salesforce username.
Enter the Password. This is the Salesforce password and must be entered along with the security token. So you would enter this in the following format: <password><security_token>
For example, if your password is testpassword and your security token is 37f37f4433123, the value you would enter here is testpassword37f37f4433123.
Tip: Where can I get the security token?
- Log in to Salesforce: https://login.salesforce.com/
- Click on your avatar and click My Settings. You are navigated to the Personal Information page.
- On the left navigation, click Reset My Security Token.
Click Reset Security Token.
An email is sent to you with the new security token. Check the email of the email address you configured for Salesforce.
- Click Register.
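The derived values in the steps above (the profile ID taken from the decoded profile URL, the API version taken from the WSDL banner, and the HTTPS-prefixed domain) can be checked before they are typed into the form. The following is an added example, not part of the original page or of WSO2's code; the function names, the sample WSDL line and the encoded URL are constructed for illustration, and the 15-or-18-character ID length reflects the Salesforce record ID format.

```python
import re
from urllib.parse import unquote, urlparse

# Salesforce attributes listed in the page's claim mapping table.
REQUIRED_CLAIMS = [
    "Alias", "Email", "EmailEncodingKey", "LanguageLocaleKey", "LastName",
    "LocaleSidKey", "ProfileId", "TimeZoneSidKey",
    "UserPermissionsCallCenterAutoLogin", "UserPermissionsMarketingUser",
    "UserPermissionsOfflineUser", "Username",
]

# Constructed samples: the WSDL banner and the still-encoded profile URL.
SAMPLE_WSDL = "<!-- Salesforce.com Enterprise Web Services API Version 41.0 -->"
SAMPLE_URL = ("https://wso2-is-sso-dev-ed.lightning.force.com/one/one.app#/setup/page"
              "?nodeId=EnhancedProfiles&address=%2F00e90000001aV2o%3Fisdtp%3Dp1")

def api_version_from_wsdl(wsdl_text):
    """Convert the WSDL banner 'API Version 41.0' to the 'v41.0' form."""
    m = re.search(r"Web Services API Version (\d+\.\d+)", wsdl_text)
    if not m:
        raise ValueError("API version banner not found")
    return "v" + m.group(1)

def profile_id_from_url(encoded_url):
    """URL-decode the profile page address and return the ID after 'address=/'."""
    # Salesforce record IDs are 15 or 18 alphanumeric characters.
    m = re.search(r"address=/([0-9A-Za-z]{15,18})(?![0-9A-Za-z])", unquote(encoded_url))
    if not m:
        raise ValueError("profile ID not found in URL")
    return m.group(1)

def check_connector(api_version, domain, claim_defaults):
    """Return a list of problems with the values about to be entered."""
    problems = []
    if not re.fullmatch(r"v\d+\.\d+", api_version):
        problems.append("API version must look like v41.0")
    url = urlparse(domain)
    if url.scheme != "https" or not url.netloc:
        problems.append("domain must be an https:// URL")
    missing = [c for c in REQUIRED_CLAIMS if not str(claim_defaults.get(c, "")).strip()]
    if missing:
        problems.append("no default value for: " + ", ".join(missing))
    return problems

if __name__ == "__main__":
    defaults = dict.fromkeys(REQUIRED_CLAIMS, "placeholder")
    defaults["ProfileId"] = profile_id_from_url(SAMPLE_URL)
    print(check_connector(api_version_from_wsdl(SAMPLE_WSDL),
                          "https://example-dev-ed.my.salesforce.com", defaults))
```

An empty list means the three derived values are in the format the form expects and every mapped claim has a default value.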
...
- In the Main menu under the Identity section, click Resident under Service Providers.
- Expand the Outbound Provisioning Configuration in the screen that appears.
Select the identity provider you configured from the drop down and click the button.
Info: If you enable Blocking, Identity Server will wait for the response from the Identity Provider to continue.
If you enable both Enable Rules and Blocking, provisioning is blocked until the rule is completely evaluated and the response is returned to the WSO2 IDP. Afterwards, you need to enable the XACML policy. For more information, see Rule Based Provisioning.
- Click Update.
...