Closed NilukaSripalim closed 8 months ago
There are a couple of issues with the current connector:
- Password field in the connector should be text not boolean (bug).
I will send a fix for this.
While fixing the issue, I found the blocker below when testing the connector, because there is an issue with the SSL connection. This issue is not related to the fix; it is with the SAN verification.
```
[2024-02-16 10:41:04,285] [bcffd041-019e-4696-a9b8-a9a8124ef35a] ERROR {org.wso2.carbon.identity.provisioning.ProvisioningThread} - Provisioning for Entity sample2@gmail.com For operation = POST org.wso2.carbon.identity.provisioning.IdentityProvisioningException: Error in decoding response to JSON
at org.wso2.carbon.identity.provisioning.connector.salesforce.SalesforceProvisioningConnector.authenticate(SalesforceProvisioningConnector.java:439)
at org.wso2.carbon.identity.provisioning.connector.salesforce.SalesforceProvisioningConnector.setAuthorizationHeader(SalesforceProvisioningConnector.java:365)
at org.wso2.carbon.identity.provisioning.connector.salesforce.SalesforceProvisioningConnector.createUser(SalesforceProvisioningConnector.java:229)
at org.wso2.carbon.identity.provisioning.connector.salesforce.SalesforceProvisioningConnector.provision(SalesforceProvisioningConnector.java:105)
at org.wso2.carbon.identity.provisioning.ProvisioningThread.call(ProvisioningThread.java:85)
at org.wso2.carbon.identity.provisioning.ProvisioningThread.call(ProvisioningThread.java:34)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Certificate for <wso2-5f-dev-ed.develop.my.salesforce.com> doesn't match any of the subject alternative names: [a.sfdc-lywfpd.edge.salesforce.com, *.my.salesforce.com, *.force.com, *.d.forceusercontent.com, *.c.forceusercontent.com, *.livepreview.salesforce-communities.com, *.cloudforce.com, *.builder.salesforce-communities.com, *.database.com, *.a.forceusercontent.com, *.sandbox.force.com, *.lightning.force.com, *.documentforce.com, *.secure.force.com, *.preview.salesforce-communities.com, *.visualforce.com, *.container.lightning.com, *.b.forceusercontent.com]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at org.wso2.carbon.identity.provisioning.connector.salesforce.SalesforceProvisioningConnector.authenticate(SalesforceProvisioningConnector.java:408)
... 9 more
```
Had to debug into the issue.
Wildcard certificates are only for one level. *.example.com will match foo.example.com and bar.example.com, but will not match foo.bar.example.com.
Here in Salesforce our domain is wso2-5f-dev-ed.develop.my.salesforce.com and one of the wildcard certificate SANs is *.my.salesforce.com. The domain I have is 2 levels above, which causes the problem.
I tried with certs without "-k" and succeeded, which means there is no certificate issue in the OS.
Check the following snapshot, where we got only 2 DNS names but the above has several. I think this is clearly a cert mismatch; maybe a wrong cert is taken from the truststore.
Doc issue tracked here: https://github.com/wso2/product-is/issues/19689
Describe the issue: When attempting Outbound provisioning via Salesforce, users are encountering issues with provisioning, and error logs are being generated. This problem persists even with the 5.11 product version.
How to reproduce:
Expected behavior: Users should be provisioned successfully without encountering any errors.
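The single-label wildcard rule discussed in the comment above, as an added example in Python (not the connector's own code): it re-checks the hostname from the stack trace against a constructed subset of that SAN list, and shows which hostname shape the `*.my.salesforce.com` entry would have admitted.

```python
from typing import Iterable, Optional

# Constructed from the hostname and SAN list in the stack trace above (subset).
HOST = "wso2-5f-dev-ed.develop.my.salesforce.com"
SANS = [
    "a.sfdc-lywfpd.edge.salesforce.com",
    "*.my.salesforce.com",
    "*.force.com",
    "*.lightning.force.com",
    "*.visualforce.com",
]


def san_matches(pattern: str, host: str) -> bool:
    """Match one dNSName SAN against a hostname the way RFC 6125 hostname
    verifiers (including Apache HttpClient's) do: case-insensitive, the
    wildcard is only accepted as the whole leftmost label, and it covers
    exactly one label, so it never spans a dot."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    head, _, tail = pattern.partition(".")
    if head != "*" or not tail:
        # A '*' in a non-leading label, or a bare '*', is rejected outright.
        return False
    host_head, _, host_tail = host.partition(".")
    # The label consumed by '*' must be non-empty and every remaining label
    # must be identical; host_tail keeps its own dots, so an extra label
    # (develop.my... vs my...) makes the comparison fail.
    return bool(host_head) and host_tail == tail


def first_matching_san(host: str, sans: Iterable[str]) -> Optional[str]:
    """Return the SAN that admits host, or None, which is the condition
    SSLPeerUnverifiedException reports in the trace above."""
    for san in sans:
        if san_matches(san, host):
            return san
    return None


if __name__ == "__main__":
    print(first_matching_san(HOST, SANS))  # None: one label too deep
    # Hypothetical one-label-shallower host, for contrast only.
    print(first_matching_san("wso2-5f-dev-ed.my.salesforce.com", SANS))
```

The second call prints `*.my.salesforce.com`, which is why only a certificate carrying the deeper `develop.my.salesforce.com` name (or the exact hostname) can satisfy the verifier for this instance.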