Integrating with Salesforce - BETA

This plugin connects to a Salesforce server, retrieves the role keys stored in a field, and syncs the roles for the logged-in user. It does this using the OAuth 2.0 User-Password flow as the authorization method, where Salesforce assigns an access token to the current user session. This access token is required to get information from the Salesforce server.

For more information, please refer to the following link:
https://help.salesforce.com/help/doc/en/remoteaccess_oauth_username_password_flow.htm
This plugin works for frontend and backend login. Also, it overrides the /html/portal/login.jsp file with a custom one that hides the "Forgot Password" link.

Notes:
1) Frontend/Backend login must be set to email address.
2) SSL for Tomcat must be enabled. OAuth 2.0 works only with https connections.
For more information, please see:
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
3) Salesforce integration works the same way as CAS/LDAP integration. A dummy password is saved in our database, since authentication is handled directly in Salesforce. There is no way to pull the Salesforce password for any user. Our "Forgot Password" feature is also disabled, so if a user can't log in, it is up to the Salesforce admins to handle this type of issue. Additionally, a Salesforce user must be created for binding dotCMS with Salesforce. To make a successful binding, we require the following from this user:

  1. API Security Token
  2. Email
  3. Password

Please see the following reference wiki on how it works:
https://help.salesforce.com/help/doc/en/remoteaccess_oauth_username_password_flow.htm
4) The Salesforce REST API works with Callback URLs. To set a redirect after login in Salesforce, we need to add at least two Remote Access methods for Salesforce, which will handle both frontend (/dotCMS/login) and backend (/admin or /c) login.
To create a Remote Access in Salesforce, please take a look at this wiki:
https://developer.salesforce.com/page/Getting_Started_with_the_Force.com_REST_API
Each Remote Access will generate a Client Id and a Client Secret code. These codes are required and must be set in the src-conf/dotmarketing-ext.properties file (please see item 4). Also, the Callback URLs are set as the redirect URLs for front-end and back-end in the same properties file.
5) Data retrieved from Salesforce is in JSON format. Although the output can be sent from Salesforce in XML, the default format is JSON and the code is built to handle only JSON objects sent from Salesforce.
6) In the src-conf/dotmarketing-ext.properties file, this variable must be set to true:
SALESFORCE_LOGIN_FILTER_ON=true
The Dynamic content path variable must be set to the actual dotsecure folder.
DYNAMIC_CONTENT_PATH=dotCMS/dotsecure
Also these variables are required:

## SALESFORCE URL FOR REQUESTING ACCESS TOKEN
#salesforce_token_request_url=https://test.salesforce.com/services/oauth2/token
#salesforce_redirect_uri_backend=https://localhost:8443/admin
#salesforce_redirect_uri_frontend=https://localhost:8443/dotCMS/login
#salesforce_environment=https://test.salesforce.com
#salesforce_search_user_url=https://cs7.salesforce.com/services/data/v26.0/sobjects/User/
## SALESFORCE VARIABLES - REQUIRED FOR USER-PASSWORD FLOW AUTH AND ACCESS TOKEN RETRIEVAL
#salesforce_grant_type=password
#salesforce_client_id_backend=xxxxxxxxxx
#salesforce_client_secret_backend=xxxxxxxxxx
#salesforce_client_id_frontend=xxxxxxxxxx
#salesforce_client_secret_frontend=xxxxxxxxxx
#salesforce_username=email@domain.org
#salesforce_password=xxxxxx
#salesforce_api_security_token=xxxxxxxxxx
## EXPECTED RETURN FORMAT
#salesforce_return_format=json
## URL TO SEARCH ON SALESFORCE (MUST INCLUDE API VERSION)
#salesforce_search_url=/services/data/v26.0/search

## OBJECT TO SEARCH ON SALESFORCE. MUST CONTAIN ONE OF THESE VALUES: CONTACT, USER, ACCOUNT
#salesforce_search_object=USER
## USER FIELDS TO SEARCH FOR ACCOUNT INFORMATION. PLEASE DO NOT CHANGE THIS VALUE
#salesforce_search_object_fields=FirstName,LastName,Email,ContactId
## ROLE FIELD TO MATCH FOR ROLES SYNC. THIS FIELD MUST EXIST ON THE PREVIOUS SEARCH OBJECT
#salesforce_search_object_role_field=AccessRights__c

## SAVE LOG MESSAGES ON DOTCMS-USERACTIVITY LOG
#save_log_info_useractivity_log=true
## SAVE LOG MESSAGES ON DOTCMS LOG
#save_log_info_dotcms_log=true

7) This filter and its filter mappings are required in the dotCMS/WEB-INF/web.xml file:

<!-- SalesForce filter -->
<!--
<filter>
  <filter-name>SalesForceFilter</filter-name>
  <filter-class>com.dotmarketing.filters.SalesForceFilter</filter-class>
  <init-param>
    <param-name>com.dotmarketing.filters.salesforce.filter.serverName</param-name>
    <param-value>localhost</param-value>
  </init-param>
</filter>
-->
<!-- End of SalesForce filters -->

<!--SALESFORCE FILTER-MAPPINGS-->
<!--
<filter-mapping>
  <filter-name>SalesForceFilter</filter-name>
  <url-pattern>/dotCMS/login</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>SalesForceFilter</filter-name>
  <url-pattern>/admin</url-pattern>
</filter-mapping>

<filter-mapping>
  <filter-name>SalesForceFilter</filter-name>
  <url-pattern>/c</url-pattern>
</filter-mapping>
-->
<!--END OF SALESFORCE FILTER-MAPPINGS-->

8) Salesforce roles must be created by a dotCMS Admin on the System -> Roles & Tabs page. Both the role name and the role key should match the Custom Field values on Salesforce. Also, to avoid issues after login, we recommend assigning at least one tab/permission to these Salesforce Roles.
9) All Salesforce auth activity is stored in the tomcat/logs/userActivity.log file.
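
A pre-deployment check for the settings in notes 2, 6 and 7, as an added example that is not part of the dotCMS plugin: it reads the text of dotmarketing-ext.properties and reports required keys that are missing or still commented out, leftover xxxx placeholders, URLs that are not https, and callback paths the filter mappings do not cover. The function names and finding messages are hypothetical, and the sample input is constructed.

```python
from urllib.parse import urlparse

# Property names are the ones listed in note 6 of this page.
REQUIRED = [
    "salesforce_token_request_url", "salesforce_redirect_uri_backend",
    "salesforce_redirect_uri_frontend", "salesforce_grant_type",
    "salesforce_client_id_backend", "salesforce_client_secret_backend",
    "salesforce_client_id_frontend", "salesforce_client_secret_frontend",
    "salesforce_username", "salesforce_password", "salesforce_api_security_token",
]
URL_KEYS = [k for k in REQUIRED if k.endswith("_url") or "_uri_" in k]
# Callback paths that the SalesForceFilter mappings in note 7 cover.
FILTER_PATHS = {"salesforce_redirect_uri_backend": {"/admin", "/c"},
                "salesforce_redirect_uri_frontend": {"/dotCMS/login"}}

def parse_properties(text):  # active key=value lines only; "#" lines are comments
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_config(text):  # returns findings; an empty list means all checks passed
    props, findings = parse_properties(text), []
    if props.get("SALESFORCE_LOGIN_FILTER_ON", "").lower() != "true":
        findings.append("SALESFORCE_LOGIN_FILTER_ON is not true")
    for key in REQUIRED:
        value = props.get(key, "")
        if not value:
            findings.append(f"{key} is missing or still commented out")
        elif set(value.lower()) == {"x"}:
            findings.append(f"{key} still holds the xxxx placeholder")
    for key in URL_KEYS:
        url = urlparse(props.get(key, ""))
        if url.netloc and url.scheme != "https":
            findings.append(f"{key} is not https")  # note 2: OAuth 2.0 needs https
        # Keys without an entry in FILTER_PATHS are not path-checked.
        if url.netloc and url.path not in FILTER_PATHS.get(key, {url.path}):
            findings.append(f"{key} path {url.path} has no filter mapping")
    return findings

# Constructed sample (not a real deployment): http callback, placeholder secret.
SAMPLE = ("SALESFORCE_LOGIN_FILTER_ON=true\n"
          "salesforce_redirect_uri_backend=http://localhost:8080/admin\n"
          "salesforce_client_secret_backend=xxxxxxxxxx\n"
          "#salesforce_password=xxxxxx\n")

if __name__ == "__main__":
    print("\n".join(check_config(SAMPLE)))
```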