Sometimes it is necessary to seperate ForgeRock Identity Manager from being available on the Internet and accessing Internet based services such as Salesforce. So what can you do?
Well take a look at Remote Connector to discover the Framework used to host a Connector closer to the Edges of your networks.
The basic steps are
- Configure Salesforce Connected App
- Deploy a Remote Connector Server
- Configure ForgeRock Identity Manager to use the instance created above.
- Start synchronizing
Configure Salesforce Connected App
This article details how to configure a Connected App for use within this article.
Deploy a Remote Connector Server
For this we will create a Dockerfile, that adds the Salesforce Connector it.
Please Note: that you must have a registered account with ForgeRock Backstage to be able to have a license for using the Salesforce Connector and this is for Eductional Purpose only.
ARG FR_RCS_TAG=1.5.20.21
ARG FR_TAG=7.5.0
FROM gcr.io/forgerock-io/idm:${FR_TAG} as fr_idm_base
# Runtime deployment
FROM gcr.io/forgerock-io/rcs:${FR_RCS_TAG}
# Add the Salesforce Connector
COPY --from=fr_idm_base --chown=forgerock:forgerock /opt/openidm/connectors/salesforce-connector-1.5.20.21.jar
You can then build and deploy into your private repository using the following
docker build . -t frq/rcs:1.5.20.21
docker push frq/rcs:1.5.20.21
Now we need to have this up and running and it is assumed you already have a instance running in Docker, named frq-idm
docker run -it --rm --name frq-idm --publish 8080:8080 frq/idm:7.5.0
docker run -it --rm --name frq-rcs --publish 8759:8759 frq/rcs:1.5.20.21
Configure ForgeRock Identity Manager
- Create a file in you FRIM config directory
provisioner.openicf.connectorinfoprovider.jsonwith the following contents
{
"remoteConnectorServers": [
{
"name": "frq-rcs",
"host": "frq-rcs",
"port": 8759,
"useSSL": false,
"key": "changeit"
}
]
}
and restart your FRIM Instance.
- Connect to your FRIM Admin Console.
- Select
Configure->Connectors->New Connector. - Provide the following details
| Key | Value |
|---|---|
| Connector Name | Salesforce |
| Remote Host | frq-rcs |
| Connector Type | Salesforce Connector - 1.5.20.21 |
| Login URL | Production |
| Consumer Key | <CONSUMER_KEY> |
| Consumer Secret | <CONSUMER_SECRET> |
| Grant Type | Refresh token |
and click the Save button.
- It will redirect to the Salesforce login screen if you are not logged in or come back to the ForgeRock Identity Manager Connector Screen.
- Click on the
Datatab and you will be able to getUserdata from Salesforce.
Alternative approach
An alternative approach is to create a file provisioner.openicf-Salesforce.json with the followinf conten
{
"connectorRef": {
"displayName": "Salesforce Connector",
"bundleVersion": "1.5.20.21",
"systemType": "provisioner.openicf",
"bundleName": "org.forgerock.openicf.connectors.salesforce-connector",
"connectorName": "org.forgerock.openicf.connectors.salesforce.SalesforceConnector",
"connectorHostRef": ""
},
"poolConfigOption": {
"maxObjects": 10,
"maxIdle": 10,
"maxWait": 150000,
"minEvictableIdleTimeMillis": 120000,
"minIdle": 1
},
"resultsHandlerConfig": {
"enableNormalizingResultsHandler": false,
"enableFilteredResultsHandler": false,
"enableCaseInsensitiveFilter": false,
"enableAttributesToGetSearchResultsHandler": true
},
"operationTimeout": {
"CREATE": -1,
"UPDATE": -1,
"DELETE": -1,
"TEST": -1,
"SCRIPT_ON_CONNECTOR": -1,
"SCRIPT_ON_RESOURCE": -1,
"GET": -1,
"RESOLVEUSERNAME": -1,
"AUTHENTICATE": -1,
"SEARCH": -1,
"VALIDATE": -1,
"SYNC": -1,
"SCHEMA": -1
},
"configurationProperties": {
"clientId": "<CONSUMER_KEY>",
"clientSecret": "<CONSUMER_SECRET>",
"grantType": "refresh_token",
"refreshToken": "<REFRESH_TOKEN>,
"loginUrl": "https://login.salesforce.com/services/oauth2/token",
"instanceUrl": "https://<DEV_DF_HOSTNAME>.lightning.force.com/",
"version": 48,
"connectTimeout": 120000,
"proxyHost": null,
"proxyPort": 3128,
"maximumConnections": 10,
"supportedObjectTypes": [
"User"
],
"proxyUri": null,
"proxyUsername": null,
"proxyPassword": null,
"supportedFeatureLicenses": [
"UserPermissionsChatterAnswersUser",
"UserPermissionsInteractionUser",
"UserPermissionsKnowledgeUser",
"UserPermissionsLiveAgentUser",
"UserPermissionsMarketingUser",
"UserPermissionsOfflineUser",
"UserPermissionsSFContentUser",
"UserPermissionsSupportUser",
"UserPermissionsSiteforceContributorUser",
"UserPermissionsSiteforcePublisherUser",
"UserPermissionsWorkDotComUserFeature"
]
},
"enabled": true
}
Just remember to populate the values of
<CONSUMER_KEY><CONSUMER_SECRET><REFRESH_TOKEN>-
<DEV_DF_HOSTNAME>With values collected when registering the Connected App using the instructions at https://dev.to/darkedges/salesforce-connected-app-57jd
Conclusion
In our next post we will look at how to reduce the data being loaded, as well as being able to populate User, Permission and Permission Set objects.
Top comments (0)