Salesforce Mutual Authentication Account

In this article

Overview

You can use this account type to connect Salesforce Snaps with data sources that use Salesforce Mutual Authentication account. This account allows Salesforce snaps to use Salesforce mutually authenticated transport layer security authentication providing an additional layer of security. Mutual Authentication is also known as two-way authentication, as both the client and the server authenticate and verify themselves using Client Certificate Authentication. Each time you connect to a Salesforce API, the server checks if the client's certificate is valid for the client's org, and also checks the validity of the session ID using the Username, Password, and the Security Token.

Prerequisites

  • Valid CA signed certificate.
  • KeyStore file with an intermediate certificate.

Limitations

Known Issue

Salesforce Mutual Authentication account fails on validation when you create the account for the first time and save it. As a workaround, click Apply and then click Validate for successful validation of the account.

Account Settings

Field Name

Field Type

Description

Label*

Default Value: [None]
Example
Salesforce account

String

Specify a name for the account instance.


Username*

Default Value:N/A
Example
:admin@sf.com

String

Specify a name for this account.

Password*

Default ValueN/A
Example:
********@1

String

Specify the password for the account.


Security token

Default Value: N/A
Example:
1234

String

Specify a security token. To create a security token, log into your account in Salesforce and navigate to Personal Setup > My Personal Information > Reset My Security Token.


Keystore*

Default Value:N/A
Example
x590_certificate.jks

String

Enter the location of the KeyStore file that can be in your SLDB or any other unauthenticated endpoints. The Keystore value must include intermediate certificates; however, including root certificate is optional.

If the file is in the same folder, you can enter only the filename. If not, you must enter the complete absolute path, for example, if the Keystore file “snaplogic_SF.jks” is in the projects/shared project of QA org and the pipeline is not in the same project, then you should enter: sldb:///QA/projects/shared/snaplogic_SF.jks

A relative path for Keystore file causes the account to fail if the pipeline is in global shared project and Keystore file is in another project. A relative path might not always work.


Keystore Password*

Default Value: N/A
Example
x590_certificate.jks

String

Enter the password for the KeyStore.


Login URL

Default ValueN/A
Example
:https://login.salesforce.com/

String

Enter your salesforce.com login URL if it is different from "https://login.salesforce.com/". Usually it is not required, but if you are using CipherCloud for Salesforce, you should enter the login URL issued by CipherCloud with the Sandbox checkbox deselected.

Breaking Change

Prior to 436patches25192 version, the Salesforce Mutual Authentication Account supported default Login URLs such as https://login.salesforce.com and https://test.salesforce.com. Starting from 436patches25192, this account no longer supports the default Login URLs—your existing pipelines using the Mutual Authentication Account with the default Login URLs might break.
To prevent this breaking change, you must provide a valid Salesforce Login URL as part of your account configuration.

Sandbox

Default ValueDeselected

N/A

Select this option if the username is for a sandbox account or deselect if it is for a production account.


Troubleshooting

ErrorReasonResolution
Keystore error

The Salesforce Mutual Authentication account fails if the Keystore file and pipeline are in different projects.

If the file is in the same folder, you can enter only the filename. If not, you must enter the complete absolute path.

Error occurred while executing request to Salesforce.comThe input view document data is not a Map.Ensure that the input view document data is a map.
Client certificate error: unable to get local issuer certificate.The certificate chain is incomplete or missing.You should get the intermediate certificate to attach to the pem. For more information about creating creating certificate chain, see Salesforce Mutual Authentication Setup.
Unable to load Private Key.Expects Private Key.

Follow the instructions in stack overflow link and update the encoded type of private key file using Notepad++.

https://stackoverflow.com/questions/18460035/unable-to-load-private-key-pem-routinespem-read-biono-start-linepem-lib-c6

Connection timeout

When you use the default Login URL and validate the Account, it encounters a connection timeout error.

Provide the complete host name of the Salesforce instance for the Mutual Authentication Account.

Snap Pack History

 Click to view/expand
Release Snap Pack VersionDateType  Updates
November 2024439patches29230 Latest

Fixed the vulnerabilities in CXF library dependencies within the Salesforce Snap Pack to enhance security and ensure reliable functionality.

November 2024439patches29014 Latest

Fixed an issue with the Salesforce Lookup, SOQL, and SOSL Snaps, where errors were not routed to the error pipeline when Route Error Data to Error View was enabled, and a referenced expression variable was missing in the upstream or pipeline parameters.

November 2024main29029 StableUpdated and certified against the current SnapLogic Platform release.
August 2024438patches28607 Latest

Fixed an issue with the Salesforce Publisher Snap where an invalid session triggered infinite retries, resulting in many open file descriptors that eventually crashed the node.

August 2024438patches28040 Latest

Fixed an issue with the Salesforce SOQL Snap where the URL encoding was improperly applied to sandbox instance URLs. Now, the Snap ensures URL sandbox instance URLs are properly encoded.

Breaking change from Salesforce

Salesforce is retiring some of the hostnames for non-enhanced domains from August 2024:

  • Redirections for legacy (non-enhanced) hostnames stop in production orgs and demo orgs. Production orgs get this release starting in January 2025.

  • Redirections for legacy (non-enhanced) hostnames stopped in sandboxes, Developer Edition orgs, patch orgs, scratch orgs, and Trailhead Playgrounds.

When deploying a new My Domain, including enhanced domains, Salesforce automatically redirects previous URLs. For detailed information, such as hostname formats for legacy (non-enhanced) domains, refer to the Prepare for the End of Redirections for Non-Enhanced Domains.

To align with Salesforce’s redirection changes for non-enhanced domains, the classic URL format (https://snaplogic--devqa.my.salesforce.com/) is no longer supported for Sandbox environments. As a result, any existing Salesforce pipelines using classic URLs will stop functioning as before.

Workaround

To run your pipelines successfully, you must append sandbox to your classic URLs: https://snaplogic--devqa.sandbox.my.salesforce.com/

Learn more about the enhanced domains deployment by Salesforce.

August 2024main27765 StableUpgraded the org.json.json library from v20090211 to v20240303, which is fully backward-compatible.
May 2024437patches27307 Latest

Fixed authentication issues with the Salesforce Subscriber Snap in the Ultra Pipeline to ensure the Snap reauthenticates and reconnects as expected.

May 2024

main26341

 

Stable

Updated and certified against the current SnapLogic Platform release.

February 2024436patches25626 LatestEnhanced the Salesforce Bulk Create, Bulk Delete, Bulk Query, Bulk Update, and Salesforce Bulk Upsert Snaps to include the complete error details under the original object that contains the copies of the failed input records.
February 2024436patches25192 Latest

Fixed an issue with the Salesforce Mutual Authentication Account where the 8443 port was not used while authorizing the account. Now, the access token request uses the 8443 port for authorizing the Mutual Authentication Account.

Breaking change

Prior to 436patches25192, the Salesforce Mutual Authentication Account supported default Login URLs such as https://login.salesforce.com and https://test.salesforce.com. From 436patches25192, this account no longer supports the default Login URLs—your existing pipelines using the Mutual Authentication Account with the default Login URLs might break.

To prevent this breaking change, you must provide a valid Salesforce Login URL as part of your account configuration.

February 2024main25112 StableEnhanced the Salesforce Bulk Query Snap with expression support for the Include Deleted Records checkbox.
November 2023435patches24747 LatestFixed an issue that caused the input stream to not close properly, which resulted in stale connections.
November 2023435patches24368 Latest

Enhanced the performance of the Salesforce Bulk Query Snap with a new Maximum threads field. This field enables you to download query results simultaneously in multiple threads.

November 2023435patches24006 Latest

Enhanced the Salesforce Read Snap by adding expression enablement to the following checkboxes:

  • Use PK chunking if supported

  • Include Deleted Records

November 2023main23721 StableUpdated and certified against the current SnapLogic Platform release.
August 2023434patches23646 LatestFixed an issue where a long-running pipeline containing the Salesforce Subscriber Snap would suddenly stop responding.
August 2023434patches22537 Latest

Improved the Salesforce Bulk Upsert Snap error messages by limiting the length of the reason displayed with the error.

August 2023main22460 StableUpdated and certified against the current SnapLogic Platform release.
May 2023433patches21367 Latest
  • The Salesforce SOQL Snap now honors the selection of the Match Data Type checkbox when the value entered for Batch Size is greater than 50,000.

  • The Salesforce Read Snap now honors the selection of the Match Data Type checkbox if the Use PK chunking if supported checkbox is also selected.

May 2023

main21015 

Stable

Upgraded with the latest SnapLogic Platform release.

February 2023432patches20586 Latest

Fixed an issue with the Salesforce SOQL and Salesforce Read Snaps where the Match Data Type checkbox selection was not honored if the Salesforce API field was set to Bulk API.

February 2023432patches20393 Latest
February 2023432patches20145