Hi:
Yes, I did this integration once for a customer with OpenID Connect flow. Here are the high-level steps:
The Code Flow consists of the following steps:
1. Client prepares an Authentication Request containing the desired request parameters.
2. Client sends the request to the Authorization Server.
3. Authorization Server authenticates the End-User.
4. Authorization Server obtains End-User Consent/Authorization.
5. Authorization Server sends the End-User back to the Client with code.
6. Client sends the code to the Token Endpoint to receive an Access Token and ID Token in the response.
7. Client validates the tokens and retrieves the End-User's Subject Identifier.
High-level steps to configure in MAG (Authentication Server) and Salesforce (Client):
1. Test MAG to ensure it is working.
2. Register the Client (Salesforce) in MAG and record the Client Key and Secret to be used in Salesforce.
3. In Salesforce, set up OPENID as the Auth Provider; the Client Key and Secret created in step 2 need to be used when setting up OPENID as the Auth Provider.
4. In Salesforce, mydomain needs to be enabled and a domain name provided; then add the above Auth Service to the Login Page of the domain.
5. Update the Callback URL in OAuth Manager with the domain created in step 4 above.
6. Test OAuth from the client.
------------------------------
Global Capabilities Delivery Architect - APIM
Broadcom Inc.
Vancouver, B.C. Canada
------------------------------
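To make the seven Code Flow steps in the reply above concrete, here is a client-side walkthrough added to this thread as an illustration; it is not code from the original post, from MAG, or from Salesforce. The issuer URL, endpoints, client key/secret and redirect URI are hypothetical placeholders, and because there is no live Authorization Server, steps 3-6 are replaced by a locally minted HS256 ID Token keyed by the client secret (a signing method OpenID Connect permits for confidential clients). The security-relevant parts are the ones a real client must get right: binding `state` to the callback, allow-listing the signature algorithm, and checking `iss`, `aud`, `exp` and `nonce` before trusting `sub`.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical placeholders: none of these values come from the thread or from a real deployment.
ISSUER = "https://mag.example.com"
AUTHORIZE_ENDPOINT = ISSUER + "/authorize"
CLIENT_ID = "salesforce-client-key"
CLIENT_SECRET = "placeholder-client-secret"
REDIRECT_URI = "https://mydomain.my.salesforce.com/services/authcallback/MAG"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_authentication_request(state: str, nonce: str) -> str:
    """Step 1: assemble the Authentication Request the client redirects the browser to."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": state,  # tied to the browser session; protects the callback against CSRF
        "nonce": nonce,  # echoed inside the ID Token; binds the token to this request
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def extract_code(callback_url: str, expected_state: str) -> str:
    """Step 5: the Authorization Server redirected back; verify state before touching the code."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or stale callback")
    if "error" in query:
        raise ValueError("authorization error: " + query["error"][0])
    return query["code"][0]


def mint_id_token(claims: dict, key: str) -> str:
    """Constructed stand-in for the token endpoint (step 6): an HS256 JWT keyed by the client secret."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    signature = hmac.new(key.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def validate_id_token(token: str, key: str, expected_nonce: str, now: int) -> str:
    """Step 7: verify the signature and claims, then return the End-User's Subject Identifier."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # allow-list the algorithm; never honour alg=none or a surprise alg
        raise ValueError("unexpected alg " + str(header.get("alg")))
    expected_sig = hmac.new(key.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
        raise ValueError("signature check failed")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("issuer mismatch")
    audience = claims.get("aud")
    if CLIENT_ID not in (audience if isinstance(audience, list) else [audience]):
        raise ValueError("audience mismatch")
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch: token was not issued for this request")
    return claims["sub"]


def check_id_token(token: str, key: str, expected_nonce: str, now: int):
    """Non-raising wrapper: (True, sub) on success, (False, reason) on any validation failure."""
    try:
        return True, validate_id_token(token, key, expected_nonce, now)
    except (ValueError, KeyError) as exc:
        return False, str(exc)


def run_code_flow(now: int = None) -> str:
    """Walk the seven steps with constructed messages and return the validated subject."""
    now = int(time.time()) if now is None else now
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    build_authentication_request(state, nonce)  # steps 1-2: the browser is sent to this URL
    # Steps 3-5 happen at the Authorization Server; this is the constructed redirect back to the client.
    callback = REDIRECT_URI + "?" + urlencode({"code": "constructed-auth-code", "state": state})
    extract_code(callback, state)
    # Step 6: a real client POSTs the code to the token endpoint; here the ID Token is minted locally.
    claims = {"iss": ISSUER, "sub": "user-12345", "aud": CLIENT_ID,
              "exp": now + 300, "iat": now, "nonce": nonce}
    id_token = mint_id_token(claims, CLIENT_SECRET)
    return validate_id_token(id_token, CLIENT_SECRET, nonce, now)  # step 7


if __name__ == "__main__":
    print("authenticated subject:", run_code_flow())
```

With a real MAG or Layer7 Gateway the `mint_id_token` stand-in disappears: the client sends the code to the token endpoint over TLS with its credentials and validates the returned `id_token` exactly as `validate_id_token` does, using the server's published signing keys (JWKS) if the token is RS256 rather than the client secret.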
Original Message:
Sent: 01-27-2021 07:21 PM
From: Aniket Negi
Subject: Salesforce Login integration
Any reply will be appreciated.
Original Message:
Sent: 01-22-2021 11:51 AM
From: Aniket Negi
Subject: Salesforce Login integration
I'm trying to see here if anyone has been able to successfully integrate a native mobile application with the Layer7 API Gateway login page with Salesforce.com IdP (SF IdP). Here is the architecture below.
1. Mobile Customers app (call Layer7 authorize login endpoint) --> Layer7 (facilitates the login page and customer auth'n with SF IdP) --> SF IdP (Not sure which auth flow will be used) --> Layer7 (successful customer logins) --> Customers (200 Ok)
We have been able to integrate mobile apps with Layer7 and SF IdP when calling the token endpoint. Here is an architecture below which works for us:
2. Mobile Customers app (call Layer7 token endpoint) --> Layer7 (introspect the tokens with SF IdP) --> SF IdP (JWT IdP, OAuth 2.0 flow, SAML) --> Layer7 (successfully retrieves tokens) --> Customers (200 Ok)
This is not related to MAG. This is purely Layer7 API Gateway policy integration with SF IdP when calling the Authorize endpoint. Also, SF cloud does not support the username-password grant type. So the question is around the Authorization Code flow integration (the auth'n protocol can be OpenID Connect, OAuth or SAML).
Here is the integration page from SF. https://help.salesforce.com/articleView?id=remoteaccess_oauth_flows.htm&type=5