Layer7 API Management

  • 1.  Salesforce Login integration

    Posted Jan 22, 2021 11:52 AM

    I'm trying to see here if anyone has been able to successfully integrate a native mobile application with the Layer7 API Gateway login page with Salesforce.com IdP (SF IdP). Here is the architecture below.

    1. Mobile Customers app (call Layer7 authorize login endpoint) --> Layer7 (facilitates the login page and customer auth'n with SF IdP) --> SF IdP (Not sure which auth flow will be used) --> Layer7 (successful customer logins) --> Customers (200 Ok) 

    We have been able to integrate mobile apps with Layer7 and SF IdP when calling the token endpoint. Here is an architecture below which works for us:


    2. Mobile Customers app (call Layer7 token endpoint) --> Layer7 (introspect the tokens with SF IdP) --> SF IdP (JWT IdP, OAuth 2.0 flow, SAML) --> Layer7 (successfully retrieves tokens) --> Customers (200 Ok)

    This is not related to MAG. This is purely Layer7 API Gateway policy integration with SF IdP when calling the Authorize endpoint. Also SF cloud does not support username-password grant type. So question is around the Authorization Code flow integration (auth'n protocol can be OpenID Connect or OAuth or SAML). 

    Here is the integration page from SF. https://help.salesforce.com/articleView?id=remoteaccess_oauth_flows.htm&type=5



  • 2.  RE: Salesforce Login integration

    Posted Jan 27, 2021 07:22 PM
    Any reply will be appreciated.


  • 3.  RE: Salesforce Login integration

    Broadcom Employee
    Posted Jan 28, 2021 08:22 PM
    Hi:

    Yes, I did this integration once for a customer with OpenID Connect flow.  Here are the high-level steps:

    The Code Flow consists of the following steps:
    1. Client prepares an Authentication Request containing the desired request parameters.
    2. Client sends the request to the Authorization Server.
    3. Authorization Server authenticates the End-User.
    4. Authorization Server obtains End-User Consent/Authorization.
    5. Authorization Server sends the End-User back to the Client with code.
    6. Client sends the code to the Token Endpoint to receive an Access Token and ID Token in the response.
    7. Client validates the tokens and retrieves the End-User's Subject Identifier.

    High Level steps to configure in MAG (Authentication Server) and Salesforce (Client)
    1. Test MAG to ensure it is working
    2. Register Client (Salesforce) in MAG, record the Client Key and Secret to be used in Salesforce
    3. In Salesforce, set up OPENID as the AUTH provider; the Client Key and Secret created in step 2 need to be used when setting up OPENID as the AUTH Provider.
    4. In Salesforce, mydomain needs to be enabled and a domain name provided, then add the above Auth Service to the Login Page of the domain.
    5. Update the Call Back URL in Oauth Manager with the Domain created in step 4 above.
    6. Test OAUTH from the client.

    ------------------------------
    Global Capabilities Delivery Architect - APIM
    Broadcom Inc.
    Vancouver, B.C. Canada
    ------------------------------

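    As an added illustration of the seven Code Flow steps listed in this reply (example code written for this thread, not code from the thread, from Layer7/MAG or from Salesforce): a self-contained Python model of both sides of the exchange, with MAG as the Authorization Server and Salesforce as the Client. Hostnames, endpoint path, client credentials, the test user and the HS256 signing key are constructed placeholders (assumptions); a real deployment verifies the ID token against the server's published signing keys instead of a shared key. The model shows the checks a defender wants at each step: registered redirect_uri, per-request state and nonce, client authentication at the token endpoint, single-use codes, and issuer/audience/expiry/nonce validation of the ID token.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed demo values (assumptions for this example, not from the thread).
ISSUER = "https://mag.example.test"                       # MAG acting as Authorization Server
CLIENT_ID = "salesforce-demo-client"                      # client registered in MAG (step 2)
CLIENT_SECRET = "demo-client-secret"
REDIRECT_URI = "https://login.example.test/authcallback"  # callback URL configured in OAuth Manager (step 5)
SIGNING_KEY = b"demo-id-token-key"                        # HS256 key so the example needs no crypto libraries


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Compact JWS (HS256) used as the ID token."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"


def verify_jwt(token: str, key: bytes) -> dict:
    """Checks the signature in constant time before any claim is trusted."""
    header, body, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad ID token signature")
    return json.loads(b64url_decode(body))


class AuthorizationServer:
    """The MAG side: authenticates the end user, issues a code, then tokens."""

    def __init__(self):
        self.clients = {CLIENT_ID: {"secret": CLIENT_SECRET, "redirect_uris": {REDIRECT_URI}}}
        self.users = {"alice": "correct-horse-battery-staple"}   # constructed test user
        self.codes = {}                                           # code -> issuance record

    def authorize(self, params: dict, username: str, password: str) -> str:
        # Steps 3-5: validate the request, authenticate the user, redirect back with a code.
        client = self.clients.get(params.get("client_id"))
        if client is None or params.get("redirect_uri") not in client["redirect_uris"]:
            raise PermissionError("unknown client or unregistered redirect_uri")
        if params.get("response_type") != "code" or "openid" not in params.get("scope", "").split():
            raise ValueError("not an OpenID Connect code request")
        if not hmac.compare_digest(self.users.get(username, ""), password):
            raise PermissionError("end-user authentication failed")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": params["client_id"], "redirect_uri": params["redirect_uri"],
                            "nonce": params.get("nonce", ""), "sub": username, "expires": time.time() + 60}
        return f"{params['redirect_uri']}?{urlencode({'code': code, 'state': params.get('state', '')})}"

    def token(self, form: dict, client_id: str, client_secret: str) -> dict:
        # Step 6: authenticate the client, then exchange the single-use code for tokens.
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client["secret"], client_secret):
            raise PermissionError("client authentication failed")
        record = self.codes.pop(form.get("code"), None)   # pop: a replayed code is gone
        if (record is None or record["expires"] < time.time() or record["client_id"] != client_id
                or record["redirect_uri"] != form.get("redirect_uri")
                or form.get("grant_type") != "authorization_code"):
            raise PermissionError("invalid_grant")
        now = int(time.time())
        id_token = sign_jwt({"iss": ISSUER, "sub": record["sub"], "aud": client_id, "iat": now,
                             "exp": now + 300, "nonce": record["nonce"]}, SIGNING_KEY)
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer", "id_token": id_token}


class Client:
    """The Salesforce side: builds the request, then validates what comes back."""

    def __init__(self):
        self.pending = {}   # state -> nonce; tied to the browser session in a real deployment

    def build_auth_request(self) -> str:
        # Steps 1-2: fresh state (CSRF binding) and nonce (ID token binding) for every request.
        state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.pending[state] = nonce
        query = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
                 "scope": "openid profile", "state": state, "nonce": nonce}
        return f"{ISSUER}/authorize?{urlencode(query)}"   # placeholder path, not MAG's real endpoint

    def handle_callback(self, redirect_url: str, auth_server: AuthorizationServer) -> str:
        # Steps 6-7: check state, redeem the code, validate the ID token, return the subject.
        qs = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
        nonce = self.pending.pop(qs.get("state"), None)
        if nonce is None:
            raise PermissionError("unknown state: this client never sent that request")
        tokens = auth_server.token({"grant_type": "authorization_code", "code": qs.get("code"),
                                    "redirect_uri": REDIRECT_URI}, CLIENT_ID, CLIENT_SECRET)
        claims = verify_jwt(tokens["id_token"], SIGNING_KEY)
        if claims["iss"] != ISSUER or claims["aud"] != CLIENT_ID or claims["exp"] < time.time():
            raise PermissionError("ID token issuer/audience/expiry check failed")
        if not hmac.compare_digest(claims["nonce"], nonce):
            raise PermissionError("nonce mismatch: ID token is not tied to this request")
        return claims["sub"]


def run_code_flow(username: str = "alice", password: str = "correct-horse-battery-staple") -> str:
    """Drives steps 1-7 end to end and returns the authenticated subject identifier."""
    auth_server, client = AuthorizationServer(), Client()
    params = {k: v[0] for k, v in parse_qs(urlparse(client.build_auth_request()).query).items()}
    redirect = auth_server.authorize(params, username, password)
    return client.handle_callback(redirect, auth_server)


def code_replay_is_rejected() -> bool:
    """A code that has already been redeemed must be refused by the token endpoint."""
    auth_server, client = AuthorizationServer(), Client()
    params = {k: v[0] for k, v in parse_qs(urlparse(client.build_auth_request()).query).items()}
    redirect = auth_server.authorize(params, "alice", "correct-horse-battery-staple")
    client.handle_callback(redirect, auth_server)          # first redemption succeeds
    code = parse_qs(urlparse(redirect).query)["code"][0]
    try:
        auth_server.token({"grant_type": "authorization_code", "code": code,
                           "redirect_uri": REDIRECT_URI}, CLIENT_ID, CLIENT_SECRET)
        return False
    except PermissionError:
        return True
```

    Running `run_code_flow()` returns `"alice"`; `code_replay_is_rejected()` shows why the token endpoint must consume the code on first use. The same structure applies when the roles are swapped (Layer7 as the Client, Salesforce as the Authorization Server, as the original poster wants): the redirect_uri registration, state/nonce handling and ID token checks stay on the same side of the exchange they are on here.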


  • 4.  RE: Salesforce Login integration

    Posted Feb 02, 2021 07:46 AM
    Thanks Alex, appreciate your response. Instead of step #4 you listed under high level steps, we are trying to present a first landing page in Layer7 or MAG. 

    Layer7 (Client) --> Salesforce (AS)

    I have been able to circumvent this situation using redirects. Not sure if you ran into a similar issue where your first landing page needed to be in Layer7 as the login page; from there on the customer enters creds and gets authenticated by the SF IdP.

    My use case (step #1) in my original posting is a tad bit different from your use case. I have used a similar solution to the one you proposed in IoT and social login integrations.


  • 5.  RE: Salesforce Login integration

    Posted Feb 02, 2021 07:46 AM
    Edited by Aniket Negi Feb 02, 2021 07:47 AM
    .


  • 6.  RE: Salesforce Login integration

    Posted Feb 26, 2021 10:27 AM
    Single sign-on (SSO) is an authentication method that enables users to access multiple applications with one login and one set of credentials. For example, after users log in to your org, they can automatically access all apps from the App Launcher. You can set up your Salesforce org to trust a third-party identity provider to authenticate users. Or you can configure a third-party app to rely on your org for authentication.
    You can configure your Salesforce org as an identity provider, a service provider, or both. For each of these use cases, you select the authentication protocol to use. Salesforce supports SSO with SAML and OpenID Connect. Salesforce also has preconfigured authentication providers that you can use to enable SSO with systems that have their own authentication protocols, like Facebook. For more information, see Single Sign-On Use Cases. To see a SAML SSO implementation where Salesforce is the identity provider, watch this video.

    Regards: salesforce classes in Pune, salesforce course in pune


    ------------------------------
    teacher
    https://www.sevenmentor.com/amazon-web-services-training-institute-in-pune.php
    ------------------------------



  • 7.  RE: Salesforce Login integration

    Posted Mar 04, 2021 01:20 AM
    Are you trying to sell something with this gibberish? I marked this as inappropriate answer.