rcano
Visitor.
249 views

Salesforce Driver - Driver stucked after successful login call

Hi guys,

I'm connecting an IDM with a Salesforce account.

After setting the driver configuration, with all the authentication information and the entitlement, I'm able to login with the Salesforce platform, but after receiving a 200 OK and all the session information, the driver shim keeps verifying the server certificate and don't keeps processing the user add.

Probably I'm missing something with the driver configuration? I attached the trace file if it helps.

Thank you,
Rodrigo

Labels (1)
0 Likes
1 Reply
Knowledge Partner
Knowledge Partner

Re: Salesforce Driver - Driver stucked after successful login call

I have not looked at SFDC in a long time.  But I think what is happening is that you actually do 2 different connections.

First you login:

[07/10/19 12:47:04.779]:DrvSalesforce - DEV ST: DrvSalesforce: Preparing to POST the following XML to https://test.salesforce.com/services/Soap/u/18.0
[07/10/19 12:47:04.779]:DrvSalesforce - DEV ST: DrvSalesforce: login to https://test.salesforce.com/services/Soap/u/18.0
[07/10/19 12:47:04.779]:DrvSalesforce - DEV ST: DrvSalesforce: Setting up SSL connection.
[07/10/19 12:47:04.780]:DrvSalesforce - DEV ST: DrvSalesforce: Verifying the certificate..
[07/10/19 12:47:05.433]:DrvSalesforce - DEV ST: DrvSalesforce: POST completed with 200 OK

Then the response tells you where to go next (I think):

https://girbau--partial.cs12.my.salesforce.com/services/Soap/m/18.0/00DV000000897Ei
<passwordExpired>false</passwordExpired>
<sandbox>true</sandbox>
https://girbau--partial.cs12.my.salesforce.com/services/Soap/u/18.0/00DV000000897Ei
<sessionId>00DV000000897Ei!

 

So I wonder if the certs used on the two hosts differ.  So I went to the URLs and looked for you.  They are two different certs (test.salesforce.com and *.cs12.my.salesforce.com but the signing CA's are the same.

 

I would consider looking to see if you have server level certs installed in your keystore.  So on the engine server, in /opt/novell/eDirectory/lib64/nds-modules/jre/lib/security/cacerts or it might be a symlink to /opt/netiq/idm/common/jre/lib/security/cacerts or nearby. 

Compare what you have with your cacerts and the actual certs in use. Specifically the cs12.my.salefsorce.com one. 

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.