DarkEdges

Posted on Aug 17

ForgeRock Identity Manager and Remote Connector Server

#forgerock #identitymanager #remoteconnectorserver

Sometimes it is necessary to seperate ForgeRock Identity Manager from being available on the Internet and accessing Internet based services such as Salesforce. So what can you do?

Well take a look at Remote Connector to discover the Framework used to host a Connector closer to the Edges of your networks.

The basic steps are

Configure Salesforce Connected App
Deploy a Remote Connector Server
Configure ForgeRock Identity Manager to use the instance created above.
Start synchronizing

Configure Salesforce Connected App

This article details how to configure a Connected App for use within this article.

Deploy a Remote Connector Server

For this we will create a Dockerfile, that adds the Salesforce Connector it.

Please Note: that you must have a registered account with ForgeRock Backstage to be able to have a license for using the Salesforce Connector and this is for Eductional Purpose only.

ARG FR_RCS_TAG=1.5.20.21
ARG FR_TAG=7.5.0

FROM gcr.io/forgerock-io/idm:${FR_TAG} as fr_idm_base

# Runtime deployment
FROM gcr.io/forgerock-io/rcs:${FR_RCS_TAG}

# Add the Salesforce Connector
COPY --from=fr_idm_base --chown=forgerock:forgerock /opt/openidm/connectors/salesforce-connector-1.5.20.21.jar

You can then build and deploy into your private repository using the following

docker build . -t frq/rcs:1.5.20.21
docker push frq/rcs:1.5.20.21

Now we need to have this up and running and it is assumed you already have a instance running in Docker, named frq-idm

docker run -it --rm --name frq-idm --publish 8080:8080 frq/idm:7.5.0
docker run -it --rm --name frq-rcs --publish 8759:8759 frq/rcs:1.5.20.21

Configure ForgeRock Identity Manager

Create a file in you FRIM config directory provisioner.openicf.connectorinfoprovider.json with the following contents

   {
       "remoteConnectorServers": [
           {
               "name": "frq-rcs",
               "host": "frq-rcs",
               "port": 8759,
               "useSSL": false,
               "key": "changeit"
           }
       ]
   }

and restart your FRIM Instance.

Connect to your FRIM Admin Console.
Select Configure -> Connectors -> New Connector.
Provide the following details

Key	Value
Connector Name	`Salesforce`
Remote Host	`frq-rcs`
Connector Type	`Salesforce Connector - 1.5.20.21`
Login URL	`Production`
Consumer Key	`<CONSUMER_KEY>`
Consumer Secret	`<CONSUMER_SECRET>`
Grant Type	`Refresh token`

and click the Save button.

It will redirect to the Salesforce login screen if you are not logged in or come back to the ForgeRock Identity Manager Connector Screen.
Click on the Data tab and you will be able to get User data from Salesforce.

Alternative approach

An alternative approach is to create a file provisioner.openicf-Salesforce.json with the followinf conten

{
    "connectorRef": {
        "displayName": "Salesforce Connector",
        "bundleVersion": "1.5.20.21",
        "systemType": "provisioner.openicf",
        "bundleName": "org.forgerock.openicf.connectors.salesforce-connector",
        "connectorName": "org.forgerock.openicf.connectors.salesforce.SalesforceConnector",
        "connectorHostRef": ""
    },
    "poolConfigOption": {
        "maxObjects": 10,
        "maxIdle": 10,
        "maxWait": 150000,
        "minEvictableIdleTimeMillis": 120000,
        "minIdle": 1
    },
    "resultsHandlerConfig": {
        "enableNormalizingResultsHandler": false,
        "enableFilteredResultsHandler": false,
        "enableCaseInsensitiveFilter": false,
        "enableAttributesToGetSearchResultsHandler": true
    },
    "operationTimeout": {
        "CREATE": -1,
        "UPDATE": -1,
        "DELETE": -1,
        "TEST": -1,
        "SCRIPT_ON_CONNECTOR": -1,
        "SCRIPT_ON_RESOURCE": -1,
        "GET": -1,
        "RESOLVEUSERNAME": -1,
        "AUTHENTICATE": -1,
        "SEARCH": -1,
        "VALIDATE": -1,
        "SYNC": -1,
        "SCHEMA": -1
    },
    "configurationProperties": {
        "clientId": "<CONSUMER_KEY>",
        "clientSecret": "<CONSUMER_SECRET>",
        "grantType": "refresh_token",
        "refreshToken": "<REFRESH_TOKEN>,
        "loginUrl": "https://login.salesforce.com/services/oauth2/token",
        "instanceUrl": "https://<DEV_DF_HOSTNAME>.lightning.force.com/",
        "version": 48,
        "connectTimeout": 120000,
        "proxyHost": null,
        "proxyPort": 3128,
        "maximumConnections": 10,
        "supportedObjectTypes": [
            "User"
        ],
        "proxyUri": null,
        "proxyUsername": null,
        "proxyPassword": null,
        "supportedFeatureLicenses": [
            "UserPermissionsChatterAnswersUser",
            "UserPermissionsInteractionUser",
            "UserPermissionsKnowledgeUser",
            "UserPermissionsLiveAgentUser",
            "UserPermissionsMarketingUser",
            "UserPermissionsOfflineUser",
            "UserPermissionsSFContentUser",
            "UserPermissionsSupportUser",
            "UserPermissionsSiteforceContributorUser",
            "UserPermissionsSiteforcePublisherUser",
            "UserPermissionsWorkDotComUserFeature"
        ]
    },
    "enabled": true
}

Just remember to populate the values of

<CONSUMER_KEY>
<CONSUMER_SECRET>
<REFRESH_TOKEN>
<DEV_DF_HOSTNAME> With values collected when registering the Connected App using the instructions at https://dev.to/darkedges/salesforce-connected-app-57jd

Conclusion

In our next post we will look at how to reduce the data being loaded, as well as being able to populate User, Permission and Permission Set objects.

DEV Community

ForgeRock Identity Manager and Remote Connector Server

Configure Salesforce Connected App

Deploy a Remote Connector Server

Configure ForgeRock Identity Manager

Alternative approach

Conclusion

Top comments (0)

Read next

isclose and equal in PyTorch

Key differences between BPMN diagrams and Optimajet .NET Workflow Engine process schemes

eq and ne in PyTorch

Challenges and Solutions in Implementing AI for Software Testing