Salesforce and Ebase

[alexmcclune]

Hi,

Just wondering if there are any Ebase customers integrating Ebase with Salesforce?

We have been doing it for quite some time without any problems but it could be nice to have a discussion around how things are done to improve the way things are done.

For example I currently use REST web services, about 5 in total that give me the ability to login, query, create and update Salesforce Records.

Thanks,
Alex

[Segi]

Hi,

Can you share with me how you set up the SF integration. I set up a REST service for this but I am trying to figure out how to make it authenticate.

On top of that I believe that once you authenticate, you need to use a different endpoint to retrieve data. Is that correct ?

I created a connected app in Salesforce.

In my REST object I used

Target BASE URI: https://login.salesforce.com/

In the endpoint I added these request parameters

client_id: my client id from SF connected app
client_secret: my client secret from SF connected app
grant_type: password (not my password but the actual text password)
username: my SF username
password: my SF password + my security token

When I test this endpoint it fails to authenticate with the error:
error":"invalid_grant","error_description":"authentication failure"}

I'm following a guideline that I got directly from SF support which is at this URL:

https://developer.salesforce.com/docs/a ... h_flow.htm

Edit: I found that there was an OAuth policy that was blocking my login.

Which authentication flow do you use of the 3 that Salesforce provides ? Web-Server flow, user-agent flow or username-password flow ?

I am at the point now where I'm trying to fetch data but my REST API to retrieve the data isn't working yet... Any help there would be appreciated.

[alexmcclune]

Is your Endpoint URI within the Endpoint correct?

Your setup is not far away from mine. I can document it all out for you if you like. But whilst your base URI is right, you will still need "/services/oauth2/token" within the endpoint's Endpoint URI. Naturally it is uses the POST method. Your request query parameters look correct, I do have a request header of Content-Type: application/x-www-form-urlencoded but it may not be required.

Can you confirm your endpoint and if it doesn't work I'll document out my SF Login REST webservice for you.

[Segi]

Alex,

I was able to get it to authenticate using the URL against the URL https://login.salesforce.com/services/oauth2/token

I am now trying to figure out how to fetch data. I created another REST service with the following parameters:

Target Base URI: https://na3.salesforce.com/
Endpoint URL: services/data/v20.0/

Request Query Parameters:
access_token: <My>
instance_url: https://na3.salesforce.com/

When I test this endpoint I get an error

[{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]

I think that I'm missing a request query parameter but I'm not sure

[alexmcclune]

Hi,

The Response from the login web service will include two parts. The Session URI and the Session Token. These change every session so you'll need to pass them to your other web services.

The endpoint URL includes the API version (20 is quite old) etc looks ok but a bit incomplete. You will need to specifiy what you want to do with the web service (Salesforce's web services are incredibly powerful, they are "virtually" limitless). Again I use parameters again to build this but it looks like the end result is a URI like this:

https://XXX.salesforce.com/services/data/v32.0/query?q=

This is a query with Salesforce so I can pass SOQL to the web service and be returned something. I would recommend looking a the Salesforce REST documentation to determine the exact URI: https://developer.salesforce.com/docs/? ... sort=title

A full URI using the above would look like this:

https://XXX.salesforce.com/services/dat ... mail.value

Hope it makes sense

[Segi]

Alex,

Would you be able to show me a screenshot of the endpoint that fetches the data so I can see how you set up the parameters for it. This is what I'm having an issue with.

[alexmcclune]

Yeah no problem, see screenshot below (not authorization requirements in the headers too).

Again this is the query service, it is what I use to return ID's to me for upserting or displaying information to users (for example a product list etc).




It may not be setup perfectly as designed but it does work for myself. As you would expect the Target Base URI under general should now be &&ACCESS_URL and this is passed into it from the results of the login rest.

[Segi]

Thanks for that screenshot. The "Authorization: OAuth" field in the request header is what I was missing.

The REST resource that I am using to authenticate uses the Username-Password method for authentication.

I am having trouble understanding the User-Webflow authentication method as far as how you would pass the value of the response fields from a JSP based callback URL into Ebase form fields. Which of the 3 authentication methods do you use for authenticating with SalesForce ?

I want to make sure that I set up the REST resource that fetches the data correctly but I have a feeling that my method might not be the best way of doing things.

This is how it is set up:

General->Target Base URI: &&instance_url

Under endpoints:

Endpoint URI: /services/data/v40.0/query?q=&&query (Did you get the field &&API_VERSION from the authentication REST service or is this hard coded as the fields' value ?)

Method: Get

Request
---------
Body: <blank>

Request Query parameters
------------------------------
Name: query Value: &&query

Request Headers
-------------------
Name : Content-Type Value: application/x-www-form-urlencoded
Name: Authorization: Value: OAuth &&access_token

Response
-----------
Body: &&response
Status code: &&responseStatusCode

Response Headers
--------------------
<blank>

Resource Fields
-----------------
access_token
response
responseStatusCode
instance_url
query

Both REST resources are tied to a form and the form has fields (access_token,query etc) that are mapped to both REST resources.

The forms' before page event looks like this:

Code: Select all

// Authenticate with Salesforce
resources.SalesForceUser.call();

// Parse response
var obj=JSON.parse(fields.response.value);

// If an error occurred, do nothing else
if (obj["error"] != null) {
     event.owner.addErrorMessage("Error: The error " + obj["error"] + " occurred with the description " + obj["error_description"])
     event.stopExecution();
}

// Save these response parameters
fields.access_token.value=obj["access_token"];
fields.instance_url.value=obj["instance_url"];

fields.response.value=null;

fields.query.value="SELECT+Email+From+Contact";

// Fetch the data
try {
     resources.SalesForceData.call();
} catch (e if e.javaException instanceof com.ebasetech.xi.exceptions.RestRuntimeException) {
     alert("An error occurred fetching the data " + e.toString());
     event.stopExecution();
} finally {
}

Is this similar to how you fetch Salesforce data ?

[Segi]

I'm having another issue now.

I developed the REST resource to authenticate with SalesForce on one of my Ebase instances (SERVER A), tested this resource and it authenticates correctly and returns the expected response. SERVER A uses a self signed SSL certificate which Firefox currently warns that its insecure but still functions.

I exported the REST resource and imported it into designer on Server B which is a completely separate Ebase instance.Server B uses a certificate from GoDaddy which is a trusted authority. When I test the REST resource on server B, I get an SSL related error:

Code: Select all

Error performing request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I went to the URL of my SF instance (NA3) and exported the certificate in Firefox and imported it by doing:

-import -keystore tomcat.keystore -alias salesforcecrt -file salesforcecom.crt

and restarted Ebase but I am still having this problem.

[alexmcclune]

Hi,

Sounds like your getting there, to answer your questions:

-> I pass the API version from a setup script. So it is essentially hardcoded into the forms (based on the API version of the developed objects it is accessing).

-> Yes that does look similar to how I handle things.

Regarding the final error, I have had exactly that problem and like you two of my servers behaved differently. I can't remember how I resolved it but I think it worked by importing into the keystore like you did the first time but the second I remember disabling the security in Java somehow...I don't have the notes on what I did unfortunately. Maybe one to ask Ebase...

[Segi]

Is this the Java setting ?

-Dcom.sun.net.ssl.checkRevocation=false

It is supposed to disable verification of SSL certs.

Update: I tried adding this setting to the startup parameters and restarted Ebase and still have this issue. I'd appreciate help from Ebase in order to fix this SSL issue.

[alexmcclune]

I think so (it was quite a while ago but that rings a bell).

[Segi]

That setting didn't fix the problem for me. I'm still getting this error.

Any help from Ebase would be really appreciated

[Steve]

Hi Segi,

I think you need to set -Djavax.net.ssl.trustStore=<trust-store-location> as this contains all the CA certificates that are trusted by your application. I believe that you will need to create the trust store and import the GoDaddy certificate into it.

https://docs.oracle.com/cd/E19509-01/82 ... index.html

Kind regards

Steve

[Segi]

Steve

By trust store you mean the keystore file right ?

There's something that doesn't make sense to me.

Since my original post about this SSL issue, I have installed a trusted certificate (from Let'sEncrypt) on server A where I developed the SalesForce resources initially. The REST resource to authenticate with Salesforce still authenticates fine without any issues and server A doesn't have that Java startup parameter that points to the trust store.

Server B doesn't have that parameter either and doesn't work. I don't understand why I'd need to point server B to the trust server in order to get it to work when A doesn't have it and does work.

[Steve]

Hi Segi,

I did mean trust store and not keystore. These are different.

I am only going on what I have read on the internet myself:

https://stackoverflow.com/questions/634 ... th-keytool

I also thought the same as you, that Server A works and Server B does not.

There has to be an obvious reason why this is the case, as I am assuming they have identical software levels? Have you checked all the startup -D params are the same for each (this might seem silly question) for both the Integrated Server and External Server (if using). It might be also worth checking they are using the same Java level.

Steve

[Segi]

Steve,

Both servers are running Ebase 5.2.0.

Server A and B have almost the same startup parameters. Both have these parameters:

Code: Select all

-Dcatalina.base=C:\ebaseXi5\UfsServer\tomcat
-Dcatalina.home=C:\ebaseXi5\UfsServer\tomcat
-Dderby.system.home=c:\ebaseXi5\UfsServer\DB
-Djava.endorsed.dirs=C:\ebaseXi5\UfsServer\tomcat\endorsed
-DXX:MaxPermSize=512m -Djava.io.tmpdir=C:\ebaseXi5\UfsServer\tomcat\temp
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.util.logging.config.file=C:\ebaseXi5\UfsServer\tomcat\conf\logging.properties

but Server B also has these additional parameters (I could be wrong but I think that they were picked up by the parameters of the Tomcat connector)

Code: Select all

-Djavax.net.ssl.keyStorePassword=MYPASSWORDHERE
-Djavax.net.ssl.keyStore=c:\ebaseXi5\keystore.jks
-Djavax.net.ssl.trustStorePassword=MYPASSWORDHERE
-Djavax.net.ssl.trustStore=c:\ebaseXi5\keystore.jks
-Dcom.sun.net.ssl.checkRevocation=false

I just added com.sun.net.ssl.checkRevocation=false recently to see if that parameter was needed to fix this issue but it didn't make a difference.

Server A is running Java 1.8.0_141-b15 and Server B is running Java 1.8.0_60-b27

Thanks

Segi

[Steve]

Hi Segi,

I am surprised that the GoDaddy certificate is not working. I think you posted a different post on the forum stating you had problems with GoDaddy certificates. I assume that GoDaddy could not help you with this problem?

All I can suggest is that you try debugging the SSL communication to see if that shows you where the problem is, see the link below:



http://docs.oracle.com/javase/7/docs/te ... Debug.html

Kind regards

Steve

[Segi]

Steve,

The problem that I had with GoDaddy SSL certs has been fixed.

As I mentioned, I have 2 different Ebase instances.

Server A which is my development server and uses a Lets Encrypt SSL certificate and is installed correctly.

Server B is our production instance of Ebase which has a GoDaddy certificate. I had some issues installing it but I have fixed them and the SSL cert from GoDaddy is correctly installed and working.

Although each instance has a cert from a different provider, that shouldn't make a difference as far as connecting to a REST end point goes as far as I'm aware.

The REST endpoint was created on A and authenticates correctly but I am getting this error after importing the resource into Server B