Sometimes it is necessary to keep ForgeRock Identity Manager off the Internet while still reaching Internet-based services such as Salesforce. So what can you do?
Take a look at the Remote Connector Server, the framework used to host a connector closer to the edge of your network.
The basic steps are:
- Configure Salesforce Connected App
- Deploy a Remote Connector Server
- Configure ForgeRock Identity Manager to use the instance created above.
- Start synchronizing
Configure Salesforce Connected App
A separate article (https://dev.to/darkedges/salesforce-connected-app-57jd) details how to configure a Connected App for use with this walkthrough.
Deploy a Remote Connector Server
For this we will create a Dockerfile that adds the Salesforce Connector to the Remote Connector Server image.
Please note: you must have a registered account with ForgeRock Backstage to be licensed to use the Salesforce Connector, and this is for educational purposes only.

```dockerfile
ARG FR_RCS_TAG=1.5.20.21
ARG FR_TAG=7.5.0
# The IDM image is pulled only to borrow the Salesforce connector jar it ships with
FROM gcr.io/forgerock-io/idm:${FR_TAG} as fr_idm_base
# Runtime deployment
FROM gcr.io/forgerock-io/rcs:${FR_RCS_TAG}
# Add the Salesforce Connector to the RCS connector directory
# (/opt/openicf/connectors is assumed to be the connector directory of the RCS image)
COPY --from=fr_idm_base --chown=forgerock:forgerock /opt/openidm/connectors/salesforce-connector-1.5.20.21.jar /opt/openicf/connectors/
```
You can then build and push the image to your private repository using the following:

```shell
docker build . -t frq/rcs:1.5.20.21
docker push frq/rcs:1.5.20.21
```

Now we need to have this up and running. It is assumed you already have an IDM instance running in Docker named frq-idm:

```shell
docker run -it --rm --name frq-idm --publish 8080:8080 frq/idm:7.5.0
docker run -it --rm --name frq-rcs --publish 8759:8759 frq/rcs:1.5.20.21
```
Configure ForgeRock Identity Manager
- Create a file in your FRIM config directory named `provisioner.openicf.connectorinfoprovider.json` with the following contents:

```json
{
  "remoteConnectorServers": [
    {
      "name": "frq-rcs",
      "host": "frq-rcs",
      "port": 8759,
      "useSSL": false,
      "key": "changeit"
    }
  ]
}
```

and restart your FRIM instance.
- Connect to your FRIM Admin Console.
- Select Configure -> Connectors -> New Connector.
- Provide the following details:
Key | Value |
---|---|
Connector Name | Salesforce |
Remote Host | frq-rcs |
Connector Type | Salesforce Connector - 1.5.20.21 |
Login URL | Production |
Consumer Key | <CONSUMER_KEY> |
Consumer Secret | <CONSUMER_SECRET> |
Grant Type | Refresh token |
and click the Save button.
- It will redirect to the Salesforce login screen if you are not logged in or come back to the ForgeRock Identity Manager Connector Screen.
- Click on the Data tab and you will be able to get User data from Salesforce.
Alternative approach
An alternative approach is to create a file named `provisioner.openicf-Salesforce.json` with the following content. Note that `connectorHostRef` names the remote connector server defined in `provisioner.openicf.connectorinfoprovider.json`, so the connector runs on the RCS rather than inside IDM:

```json
{
  "connectorRef": {
    "displayName": "Salesforce Connector",
    "bundleVersion": "1.5.20.21",
    "systemType": "provisioner.openicf",
    "bundleName": "org.forgerock.openicf.connectors.salesforce-connector",
    "connectorName": "org.forgerock.openicf.connectors.salesforce.SalesforceConnector",
    "connectorHostRef": "frq-rcs"
  },
  "poolConfigOption": {
    "maxObjects": 10,
    "maxIdle": 10,
    "maxWait": 150000,
    "minEvictableIdleTimeMillis": 120000,
    "minIdle": 1
  },
  "resultsHandlerConfig": {
    "enableNormalizingResultsHandler": false,
    "enableFilteredResultsHandler": false,
    "enableCaseInsensitiveFilter": false,
    "enableAttributesToGetSearchResultsHandler": true
  },
  "operationTimeout": {
    "CREATE": -1,
    "UPDATE": -1,
    "DELETE": -1,
    "TEST": -1,
    "SCRIPT_ON_CONNECTOR": -1,
    "SCRIPT_ON_RESOURCE": -1,
    "GET": -1,
    "RESOLVEUSERNAME": -1,
    "AUTHENTICATE": -1,
    "SEARCH": -1,
    "VALIDATE": -1,
    "SYNC": -1,
    "SCHEMA": -1
  },
  "configurationProperties": {
    "clientId": "<CONSUMER_KEY>",
    "clientSecret": "<CONSUMER_SECRET>",
    "grantType": "refresh_token",
    "refreshToken": "<REFRESH_TOKEN>",
    "loginUrl": "https://login.salesforce.com/services/oauth2/token",
    "instanceUrl": "https://<DEV_DF_HOSTNAME>.lightning.force.com/",
    "version": 48,
    "connectTimeout": 120000,
    "proxyHost": null,
    "proxyPort": 3128,
    "maximumConnections": 10,
    "supportedObjectTypes": [
      "User"
    ],
    "proxyUri": null,
    "proxyUsername": null,
    "proxyPassword": null,
    "supportedFeatureLicenses": [
      "UserPermissionsChatterAnswersUser",
      "UserPermissionsInteractionUser",
      "UserPermissionsKnowledgeUser",
      "UserPermissionsLiveAgentUser",
      "UserPermissionsMarketingUser",
      "UserPermissionsOfflineUser",
      "UserPermissionsSFContentUser",
      "UserPermissionsSupportUser",
      "UserPermissionsSiteforceContributorUser",
      "UserPermissionsSiteforcePublisherUser",
      "UserPermissionsWorkDotComUserFeature"
    ]
  },
  "enabled": true
}
```
Just remember to populate the values of:
- `<CONSUMER_KEY>`
- `<CONSUMER_SECRET>`
- `<REFRESH_TOKEN>`
- `<DEV_DF_HOSTNAME>`
with the values collected when registering the Connected App using the instructions at https://dev.to/darkedges/salesforce-connected-app-57jd
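Because the two files above only work together when every placeholder is filled and `connectorHostRef` matches a `remoteConnectorServers` entry, here is an added helper (my own example, not ForgeRock code) that renders the provisioner template from supplied values and cross-checks the pair before they are dropped into the FRIM config directory. The sample provider dictionary and the shortened provisioner template are constructed to mirror the files in this post; the `useSSL`/`changeit` findings flag the two settings you would tighten outside a lab.

```python
import json
import re

# Constructed sample of provisioner.openicf.connectorinfoprovider.json (example data, as in the post).
CONNECTOR_INFO_PROVIDER = {
    "remoteConnectorServers": [
        {"name": "frq-rcs", "host": "frq-rcs", "port": 8759, "useSSL": False, "key": "changeit"}
    ]
}

# Constructed, shortened stand-in for provisioner.openicf-Salesforce.json with its placeholders.
PROVISIONER_TEMPLATE = """{
  "connectorRef": {"connectorHostRef": "frq-rcs"},
  "configurationProperties": {
    "clientId": "<CONSUMER_KEY>",
    "clientSecret": "<CONSUMER_SECRET>",
    "refreshToken": "<REFRESH_TOKEN>",
    "instanceUrl": "https://<DEV_DF_HOSTNAME>.lightning.force.com/"
  }
}"""

PLACEHOLDER = re.compile(r"<([A-Z_]+)>")


def render_provisioner(template_text: str, values: dict) -> dict:
    """Substitute every <NAME> token from `values` and parse the result as JSON.
    A placeholder without a value raises KeyError, so IDM never sees a raw token."""
    def substitute(match):
        name = match.group(1)
        if name not in values:
            raise KeyError(f"no value supplied for <{name}>")
        return json.dumps(values[name])[1:-1]  # JSON-escape the secret, drop the outer quotes
    return json.loads(PLACEHOLDER.sub(substitute, template_text))


def check_config(provider: dict, provisioner: dict) -> list:
    """Cross-check the two files; an empty list means nothing to fix."""
    findings = []
    servers = {s["name"]: s for s in provider.get("remoteConnectorServers", [])}
    ref = provisioner["connectorRef"].get("connectorHostRef", "")
    if not ref:
        findings.append("connectorHostRef empty: connector runs inside IDM, not on the RCS")
    elif ref not in servers:
        findings.append(f"connectorHostRef {ref!r} matches no remoteConnectorServers entry")
    for name, server in servers.items():
        if not server.get("useSSL"):
            findings.append(f"{name}: useSSL is false, IDM-to-RCS traffic is unencrypted")
        if server.get("key") == "changeit":
            findings.append(f"{name}: shared key is still the default 'changeit'")
    for token in sorted(set(PLACEHOLDER.findall(json.dumps(provisioner)))):
        findings.append(f"unresolved placeholder <{token}> left in provisioner file")
    return findings
```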
Conclusion
In our next post we will look at how to reduce the data being loaded, as well as how to populate User, Permission and Permission Set objects.