DEV Community

DarkEdges

ForgeRock Identity Manager and Remote Connector Server

Sometimes it is necessary to keep ForgeRock Identity Manager off the Internet while still provisioning to Internet-based services such as Salesforce. So what can you do?

Take a look at the Remote Connector Server, the framework used to host a connector closer to the edge of your network: IDM stays on the internal network and only the RCS needs outbound access to Salesforce.

The basic steps are

  1. Configure Salesforce Connected App
  2. Deploy a Remote Connector Server
  3. Configure ForgeRock Identity Manager to use the instance created above.
  4. Start synchronizing

Configure Salesforce Connected App

A separate article details how to configure the Salesforce Connected App used in this walkthrough.

Deploy a Remote Connector Server

For this we will create a Dockerfile that adds the Salesforce Connector to the RCS image.

Please note that you must have a registered ForgeRock Backstage account to be licensed to use the Salesforce Connector, and this is for educational purposes only.

ARG FR_RCS_TAG=1.5.20.21
ARG FR_TAG=7.5.0

FROM gcr.io/forgerock-io/idm:${FR_TAG} as fr_idm_base

# Runtime deployment
FROM gcr.io/forgerock-io/rcs:${FR_RCS_TAG}

# Add the Salesforce Connector shipped inside the IDM image to the RCS
# connectors directory (destination assumed to be /opt/openicf/connectors/,
# the connector directory of the RCS image)
COPY --from=fr_idm_base --chown=forgerock:forgerock \
    /opt/openidm/connectors/salesforce-connector-1.5.20.21.jar \
    /opt/openicf/connectors/

You can then build the image and push it to your private registry using the following

docker build . -t frq/rcs:1.5.20.21
docker push frq/rcs:1.5.20.21

Now we need both containers up and running. It is assumed you already have an IDM image tagged frq/idm:7.5.0. Put both containers on a user-defined Docker network so that IDM can resolve the RCS by its container name (frq-rcs, the host name used in the IDM configuration below); on the default bridge network container names do not resolve. The RCS port does not need to be published on the host, because only IDM talks to it. Run each container in its own terminal:

docker network create frq
docker run -it --rm --name frq-idm --network frq --publish 8080:8080 frq/idm:7.5.0
docker run -it --rm --name frq-rcs --network frq frq/rcs:1.5.20.21

Configure ForgeRock Identity Manager

  1. Create a file named provisioner.openicf.connectorinfoprovider.json in your FRIM project's conf directory with the following contents. The name is what connector configurations reference later; host and port are where the RCS listens; key is the shared secret IDM presents when it connects, and must match the key configured on the RCS (the RCS ships with changeit, so change it on both sides before going beyond a lab); useSSL controls whether the IDM-to-RCS link is TLS-protected, and false is acceptable only on a private network such as the Docker network used here.

   {
       "remoteConnectorServers": [
           {
               "name": "frq-rcs",
               "host": "frq-rcs",
               "port": 8759,
               "useSSL": false,
               "key": "changeit"
           }
       ]
   }

and restart your FRIM instance.

  2. Connect to your FRIM Admin Console.
  3. Select Configure -> Connectors -> New Connector.
  4. Provide the following details

| Key             | Value                              |
|-----------------|------------------------------------|
| Connector Name  | Salesforce                         |
| Remote Host     | frq-rcs                            |
| Connector Type  | Salesforce Connector - 1.5.20.21   |
| Login URL       | Production                         |
| Consumer Key    | <CONSUMER_KEY>                     |
| Consumer Secret | <CONSUMER_SECRET>                  |
| Grant Type      | Refresh token                      |

and click the Save button.

  5. It will redirect to the Salesforce login screen if you are not logged in, or otherwise return to the ForgeRock Identity Manager Connector screen.
  6. Click on the Data tab and you will be able to get User data from Salesforce.

If the Connector Type list does not offer the Salesforce connector after selecting the remote host, IDM has not been able to reach the RCS: check that both containers share the Docker network and that the key in provisioner.openicf.connectorinfoprovider.json matches the one configured on the RCS.
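The UI flow above obtains a refresh token for the Connected App and the RCS, not IDM, later uses it against the Login URL. Before wiring credentials into IDM it is worth confirming, from the RCS's network position (the one component with Internet egress), that the refresh_token grant actually works. The following is an added example of that check, not code from the post or from ForgeRock; it performs the same token request the connector makes, using Salesforce's documented OAuth 2.0 token endpoint, and reads the credentials from environment variables named here for illustration (SF_CLIENT_ID, SF_CLIENT_SECRET, SF_REFRESH_TOKEN). The transport is injectable so the parsing can be exercised offline against constructed responses.

```python
"""Check a Salesforce refresh-token grant from the RCS host (added example)."""
import json
import os
import sys
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, Tuple

LOGIN_URL = "https://login.salesforce.com/services/oauth2/token"  # "Production" in the IDM UI


def build_refresh_request(client_id: str, client_secret: str, refresh_token: str,
                          login_url: str = LOGIN_URL) -> Tuple[str, Dict[str, str]]:
    """Return (url, form fields) for the refresh_token grant the connector uses."""
    return login_url, {
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
    }


def parse_token_response(status: int, body: bytes) -> Dict[str, str]:
    """Extract what IDM needs from the token endpoint's reply, or raise.

    On success Salesforce returns access_token and instance_url (the latter is
    the value for the connector's instanceUrl); on failure it returns
    error/error_description with a 400 status.
    """
    data = json.loads(body.decode("utf-8"))
    if status != 200 or "access_token" not in data:
        raise RuntimeError(f"token request failed: {data.get('error')}: {data.get('error_description')}")
    return {"access_token": data["access_token"], "instance_url": data["instance_url"]}


def http_post_form(url: str, fields: Dict[str, str]) -> Tuple[int, bytes]:
    """Real transport: POST the form and return (status, body), keeping 4xx bodies."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode(),
                                 headers={"Content-Type": "application/x-www-form-urlencoded"},
                                 method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


def check_refresh_token(client_id: str, client_secret: str, refresh_token: str,
                        transport: Callable[[str, Dict[str, str]], Tuple[int, bytes]] = http_post_form
                        ) -> Dict[str, str]:
    url, fields = build_refresh_request(client_id, client_secret, refresh_token)
    status, body = transport(url, fields)
    return parse_token_response(status, body)


# Constructed replies in the shape Salesforce's token endpoint uses (not captured from a real org).
FAKE_OK = (200, json.dumps({"access_token": "00Dxx-constructed",
                            "instance_url": "https://example-dev-ed.my.salesforce.com",
                            "token_type": "Bearer"}).encode())
FAKE_ERR = (400, json.dumps({"error": "invalid_grant",
                             "error_description": "expired access/refresh token"}).encode())


def fake_transport(url: str, fields: Dict[str, str]) -> Tuple[int, bytes]:
    """Offline stand-in: only the constructed 'good-token' is accepted."""
    assert fields["grant_type"] == "refresh_token"
    return FAKE_OK if fields["refresh_token"] == "good-token" else FAKE_ERR


def run_offline_demo() -> Tuple[Dict[str, str], str]:
    """Exercise the success and failure paths against the fake transport."""
    ok = check_refresh_token("cid", "secret", "good-token", transport=fake_transport)
    try:
        check_refresh_token("cid", "secret", "stale-token", transport=fake_transport)
        err = ""
    except RuntimeError as e:
        err = str(e)
    return ok, err


if __name__ == "__main__":
    try:  # secrets come from the environment, not argv, so they stay out of the process list
        creds = [os.environ[k] for k in ("SF_CLIENT_ID", "SF_CLIENT_SECRET", "SF_REFRESH_TOKEN")]
    except KeyError as missing:
        sys.exit(f"set {missing} in the environment")
    print(json.dumps(check_refresh_token(*creds), indent=2))
```

Run it on the RCS host; the instance_url it returns is the value to put in instanceUrl in the connector configuration. Salesforce's token endpoint returns its error body with HTTP 400, which is why the transport returns the body of an HTTPError instead of raising, so that error and error_description reach the operator.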

Alternative approach

An alternative approach is to create a file provisioner.openicf-Salesforce.json with the following content. Note that connectorHostRef must name the remote connector server defined in provisioner.openicf.connectorinfoprovider.json (frq-rcs here); if it is left empty IDM looks for the connector bundle locally, which is exactly what this setup avoids.

{
    "connectorRef": {
        "displayName": "Salesforce Connector",
        "bundleVersion": "1.5.20.21",
        "systemType": "provisioner.openicf",
        "bundleName": "org.forgerock.openicf.connectors.salesforce-connector",
        "connectorName": "org.forgerock.openicf.connectors.salesforce.SalesforceConnector",
        "connectorHostRef": "frq-rcs"
    },
    "poolConfigOption": {
        "maxObjects": 10,
        "maxIdle": 10,
        "maxWait": 150000,
        "minEvictableIdleTimeMillis": 120000,
        "minIdle": 1
    },
    "resultsHandlerConfig": {
        "enableNormalizingResultsHandler": false,
        "enableFilteredResultsHandler": false,
        "enableCaseInsensitiveFilter": false,
        "enableAttributesToGetSearchResultsHandler": true
    },
    "operationTimeout": {
        "CREATE": -1,
        "UPDATE": -1,
        "DELETE": -1,
        "TEST": -1,
        "SCRIPT_ON_CONNECTOR": -1,
        "SCRIPT_ON_RESOURCE": -1,
        "GET": -1,
        "RESOLVEUSERNAME": -1,
        "AUTHENTICATE": -1,
        "SEARCH": -1,
        "VALIDATE": -1,
        "SYNC": -1,
        "SCHEMA": -1
    },
    "configurationProperties": {
        "clientId": "<CONSUMER_KEY>",
        "clientSecret": "<CONSUMER_SECRET>",
        "grantType": "refresh_token",
        "refreshToken": "<REFRESH_TOKEN>",
        "loginUrl": "https://login.salesforce.com/services/oauth2/token",
        "instanceUrl": "https://<DEV_DF_HOSTNAME>.lightning.force.com/",
        "version": 48,
        "connectTimeout": 120000,
        "proxyHost": null,
        "proxyPort": 3128,
        "maximumConnections": 10,
        "supportedObjectTypes": [
            "User"
        ],
        "proxyUri": null,
        "proxyUsername": null,
        "proxyPassword": null,
        "supportedFeatureLicenses": [
            "UserPermissionsChatterAnswersUser",
            "UserPermissionsInteractionUser",
            "UserPermissionsKnowledgeUser",
            "UserPermissionsLiveAgentUser",
            "UserPermissionsMarketingUser",
            "UserPermissionsOfflineUser",
            "UserPermissionsSFContentUser",
            "UserPermissionsSupportUser",
            "UserPermissionsSiteforceContributorUser",
            "UserPermissionsSiteforcePublisherUser",
            "UserPermissionsWorkDotComUserFeature"
        ]
    },
    "enabled": true
}

Just remember to populate the values of
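Both files above are easy to get subtly wrong in ways that only show up as a connector that never comes online: connectorHostRef left empty, a host reference that matches no configured RCS, the RCS's default key, a plaintext link, or placeholders never replaced. The following is an added example, not code from the post or from ForgeRock, that generates provisioner.openicf.connectorinfoprovider.json with a fresh shared key and lints a provisioner.openicf-<name>.json against it; the JSON keys are the ones used in the post, while the function names and the constructed sample inputs are this example's own.

```python
"""Generate and lint the IDM-side RCS configuration (added example)."""
import copy
import json
import secrets
from typing import Dict, List, Optional

DEFAULT_RCS_KEY = "changeit"  # shared secret the RCS ships with; change it on both sides


def make_connectorinfoprovider(name: str, host: str, port: int = 8759,
                               use_ssl: bool = True, key: Optional[str] = None) -> dict:
    """Content for provisioner.openicf.connectorinfoprovider.json.

    When no key is given a random one is generated; configure the same value
    on the RCS, since it is the secret IDM presents when it connects.
    """
    if key is None:
        key = secrets.token_urlsafe(32)
    return {"remoteConnectorServers": [
        {"name": name, "host": host, "port": port, "useSSL": use_ssl, "key": key}]}


def lint(connectorinfoprovider: dict, provisioners: Dict[str, dict]) -> List[str]:
    """Return findings for the given files; an empty list means they are consistent."""
    findings: List[str] = []
    servers = connectorinfoprovider.get("remoteConnectorServers", [])
    names = {s.get("name") for s in servers}
    for s in servers:
        label = f"remote server {s.get('name')!r}"
        if s.get("key") in (None, "", DEFAULT_RCS_KEY):
            findings.append(f"{label}: shared key is empty or the default")
        if not s.get("useSSL", False):
            findings.append(f"{label}: useSSL is false, IDM->RCS traffic is plaintext")
    for fname, prov in provisioners.items():
        ref = prov.get("connectorRef", {}).get("connectorHostRef", "")
        if ref in ("", "#LOCAL"):
            findings.append(f"{fname}: connectorHostRef is local, the connector would have to be installed in IDM itself")
        elif ref not in names:
            findings.append(f"{fname}: connectorHostRef {ref!r} names no configured remote connector server")
        props = prov.get("configurationProperties", {})
        for field in ("clientId", "clientSecret", "refreshToken"):
            value = props.get(field, "")
            if isinstance(value, str) and value.startswith("<") and value.endswith(">"):
                findings.append(f"{fname}: {field} still holds the placeholder {value}")
    return findings


# Constructed inputs mirroring the post's two files as first written (placeholders and all).
POST_CIP = {"remoteConnectorServers": [
    {"name": "frq-rcs", "host": "frq-rcs", "port": 8759, "useSSL": False, "key": "changeit"}]}
POST_PROV = {
    "connectorRef": {"bundleName": "org.forgerock.openicf.connectors.salesforce-connector",
                     "connectorHostRef": ""},
    "configurationProperties": {"clientId": "<CONSUMER_KEY>", "clientSecret": "<CONSUMER_SECRET>",
                                "grantType": "refresh_token", "refreshToken": "<REFRESH_TOKEN>"},
}


def findings_for_post_config() -> List[str]:
    return lint(POST_CIP, {"provisioner.openicf-Salesforce.json": POST_PROV})


def corrected_config() -> Dict[str, dict]:
    """The same two files after applying the fixes the lint asks for."""
    cip = make_connectorinfoprovider("frq-rcs", "frq-rcs")
    prov = copy.deepcopy(POST_PROV)
    prov["connectorRef"]["connectorHostRef"] = "frq-rcs"
    prov["configurationProperties"].update(  # constructed values, not real credentials
        {"clientId": "example-consumer-key", "clientSecret": "example-consumer-secret",
         "refreshToken": "example-refresh-token"})
    return {"provisioner.openicf.connectorinfoprovider.json": cip,
            "provisioner.openicf-Salesforce.json": prov}


def findings_for_corrected_config() -> List[str]:
    files = corrected_config()
    return lint(files["provisioner.openicf.connectorinfoprovider.json"],
                {"provisioner.openicf-Salesforce.json": files["provisioner.openicf-Salesforce.json"]})


if __name__ == "__main__":
    for finding in findings_for_post_config():
        print("FINDING:", finding)
    print(json.dumps(corrected_config(), indent=2))
```

Setting useSSL to true on the IDM side only helps if TLS is also enabled on the RCS; for the plaintext lab setup on a private Docker network, generate the file with use_ssl=False and accept that one finding knowingly rather than silencing the check.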

Conclusion

In our next post we will look at how to reduce the data being loaded, as well as being able to populate User, Permission and Permission Set objects.
