This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Outbound Provisioning for External Apps

The WSO2 App Manager facilitates outbound provisioning (by skipping the creation of the proxy Web app) to different external domains such as Salesforce, Google, Facebook, etc. The following sections describe how you can implement outbound provisioning to Salesforce using WSO2 App Manager.

Configuring Salesforce

Follow the steps below to configure Salesforce for outbound provisioning with WSO2 AppM.

Signing-up as a Salesforce developer

Follow the steps below to sign up as a Salesforce developer.

  1. Access the following sign-up URL using your Web browser: https://developer.salesforce.com/signup
  2. Enter the details as shown below to get a free development environment by signing up.
    sign-up form to get a free development environment in Salesforce
  3. Click Sign me up. You receive a confirmation email.

  4. Click the confirmation link in the email to confirm your account creation.

  5. Fill out a password and a security question for your account as shown below.

    changing the password in Salesforce

  6. Click Save.

  7. Access the following URL using your Web browser: https://developer.salesforce.com/
  8. Click the Login button in the top right corner of the screen.

  9. Log in with your new credentials as a Salesforce developer as shown below.

    log in as a developer in Salesforce

  10. Click Allow for Salesforce to access your basic information in the below screen.

    allow Salesforce to access your basic info

Creating a developer domain

Follow the steps below to create a developer domain.

  1. Access the following URL using your Web browser: https://ap2.salesforce.com/setup/forcecomHomepage.apexp
  2. Click Administer in the left navigation menu, and then click My Domain under Domain Management.
  3. Enter a unique domain name in the below screen (for example, petergappm). Click Check Availability to check its availability.
    enter details of the domain
  4. Check I agree to the Terms and Conditions, and then click Register Domain. Your domain is ready to use once you receive a confirmation email after the DNS registration is completed for it.
  5. Click Administer in the left navigation menu, and then click My Domain under Domain Management. You view the below screen.
    newly created domain
  6. Click Click here to login. It redirects you to your domain.

  7. Click Deploy to users. Click OK in the pop-up confirmation alert as shown below.

    confirmation alert on deploying the domain

Enabling single sign-on

Follow the steps below to enable single sign-on in Salesforce.

  1. Log in to your domain using its URL and credentials (e.g., https://petergappm-dev-ed.my.salesforce.com).
  2. Click Administer in the left navigation menu, and then click Single Sign-On Settings under Security Controls. You view the below screen.
    enabling single sign-on settings in your domain
  3. Click Edit, check SAML Enabled, and then click Save.
  4. Click New in the SAML Single Sign-On Settings section.
  5. Enter the following configurations as shown below.

    single sign-on settings

  6. Click Choose File, and upload the Identity Provider Certificate.

    Navigate to the <AppM_HOME>/repository/resources/security/ directory, and execute the following command in the CLI to create an IDP certificate:

        keytool -export -keystore wso2carbon.jks -alias wso2carbon -file wso2.crt -storepass wso2carbon

  7. Click Save.

    The Salesforce Login URL in the Endpoints section should be similar to https://petergappm-dev-ed.my.salesforce.com?so=00D28000000UBRU.

  8. Click Administer in the left navigation menu, and then click My Domain under Domain Management. You view the below screen.

    authentication configuration details

  9. Click Edit in the Authentication Configuration section.

  10. Check AppMSSO in Authentication Service as shown below, and click Save.
    authentication service

Configuring WSO2 App Manager

You use an email address to log in to Salesforce. Therefore, to integrate this email address with the Identity Server, you need to configure WSO2 App Manager so that you can log in to it with an email address. Follow the steps below to enable email login in WSO2 AppM for outbound provisioning to Salesforce.

Configuring the carbon.xml file

Uncomment the following configuration in the <AppM_HOME>/repository/conf/carbon.xml file to enable email authentication:

    <EnableEmailUserName>true</EnableEmailUserName>

Configuring the user-mgt.xml file

Make the following configuration changes in the <AppM_HOME>/repository/conf/user-mgt.xml file.

  1. Enter the email address of the admin user as the value of the <UserName> property, within the <AdminUser> element of the <Realm> configuration, as shown below.

    <UserManager>
        <Realm>
            <Configuration>
                <AddAdmin>true</AddAdmin>
                <AdminRole>admin</AdminRole>
                <AdminUser>
                    <!-- Email address of the admin user -->
                    <UserName>admin@wso2.com</UserName>
                    <Password>admin</Password>
                </AdminUser>
            </Configuration>
        </Realm>
    </UserManager>

    Regardless of the user store manager being used (LDAP, Active Directory or JDBC-based), make the following changes to the configuration of the respective user store manager.

  2. Change the value of the <IsEmailUserName> property to true, to enable it as follows:

    <Property name="IsEmailUserName">true</Property>

  3. Set the value of the <UsernameWithEmailJavaScriptRegEx> property as follows:

    <Property name="UsernameWithEmailJavaScriptRegEx">^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$</Property>
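
What the pattern in step 3 accepts and rejects, as an added example that is not part of the original documentation. The sample usernames are constructed, the `audit` function is hypothetical, and the pattern is evaluated with Python's `re` (via `fullmatch`, so that `$` cannot accept a trailing newline).

```python
import re

# Pattern copied verbatim from the UsernameWithEmailJavaScriptRegEx property.
PATTERN = (r"^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*"
           r"@[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$")
# Everything between "^" and the single "@" is the local-part sub-pattern.
LOCAL = PATTERN[1:PATTERN.index("@")]

def audit(usernames):
    """Map every username the pattern rejects to the part that fails."""
    rejected = {}
    for name in usernames:
        # fullmatch: Python's "$" would otherwise tolerate a trailing newline.
        if re.fullmatch(PATTERN, name):
            continue
        local, sep, _domain = name.rpartition("@")
        if not sep:
            rejected[name] = "no @domain part"
        elif not re.fullmatch(LOCAL, local):
            rejected[name] = "local part"
        else:
            rejected[name] = "domain part"
    return rejected

# Constructed sample usernames.
SAMPLES = [
    "admin@wso2.com",              # accepted
    "admin",                       # a bare name without a domain no longer validates
    "first+tag@example.com",       # "+" is allowed before the first dot
    "first.last+tag@example.com",  # but not after it
    "user@my-corp.com",            # a hyphen is allowed in the first domain label
    "user@mail.my-corp.com",       # but not in later labels
    "user@localhost",              # a final label of two or more letters is required
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLES).items():
        print(f"rejected ({reason}): {name}")
```

Run it against the usernames already in the user store before enabling the property, so that accounts the pattern rejects are found up front.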

Configuring the app-manager.xml file

Enter the email address of the admin user as the value of the <Username> property in all the following configurations in the <AppM_HOME>/repository/conf/app-manager.xml file, as shown in the example below.

    <Username>admin@wso2.com</Username>

  • <AuthManager> 
  • <APIGateway> (In all <Environment> types)
  • <APIKeyManager>
  • <SSOConfiguration> (In every <Configurator>)
  • <EntitlementServiceConfiguration>
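
A consistency check for the three files edited above, as an added example that is not part of the original documentation: it flags a still-commented `EnableEmailUserName`, a non-email admin `UserName`, an `IsEmailUserName` that is not true, and any `<Username>` in app-manager.xml that differs from the admin user. The XML fragments are constructed, the function name is hypothetical, and the namespace and the nesting of elements beyond the names on the page are assumptions.

```python
import xml.etree.ElementTree as ET

def local(el):
    """Element name without its XML namespace."""
    return el.tag.rsplit("}", 1)[-1]

def text(el):
    return (el.text or "").strip()

def check_email_login(carbon_xml, user_mgt_xml, app_manager_xml):
    """Return a list of findings; an empty list means the three files agree."""
    findings = []
    carbon, user_mgt, appm = map(ET.fromstring, (carbon_xml, user_mgt_xml, app_manager_xml))
    # A still-commented element is never parsed, so it counts as not enabled.
    if [text(e) for e in carbon.iter() if local(e) == "EnableEmailUserName"] != ["true"]:
        findings.append("carbon.xml: EnableEmailUserName is not enabled")
    admin = next((text(e) for e in user_mgt.iter() if local(e) == "UserName"), "")
    if "@" not in admin:
        findings.append(f"user-mgt.xml: admin UserName {admin!r} is not an email address")
    props = {e.get("name"): text(e) for e in user_mgt.iter() if local(e) == "Property"}
    if props.get("IsEmailUserName") != "true":
        findings.append("user-mgt.xml: IsEmailUserName is not true")
    parent = {child: p for p in appm.iter() for child in p}
    for e in appm.iter():
        if local(e) == "Username" and text(e) != admin:
            findings.append(f"app-manager.xml: <{local(parent[e])}> Username "
                            f"{text(e)!r} differs from the admin user")
    return findings

# Constructed fragments; nesting beyond the element names on the page is assumed.
CARBON = """<Server xmlns="urn:example:carbon">
  <!-- <EnableEmailUserName>true</EnableEmailUserName> -->
</Server>"""
USER_MGT = """<UserManager><Realm>
  <Configuration><AdminUser>
    <UserName>admin@wso2.com</UserName><Password>admin</Password>
  </AdminUser></Configuration>
  <UserStoreManager><Property name="IsEmailUserName">true</Property></UserStoreManager>
</Realm></UserManager>"""
APP_MANAGER = """<AppManager>
  <AuthManager><Username>admin@wso2.com</Username></AuthManager>
  <APIKeyManager><Username>admin</Username></APIKeyManager>
</AppManager>"""

if __name__ == "__main__":
    for finding in check_email_login(CARBON, USER_MGT, APP_MANAGER):
        print(finding)
```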