Salesforce Mutual Authentication Account
In this article
Overview
You can use this account type to connect Salesforce Snaps with data sources that use Salesforce Mutual Authentication account. This account allows Salesforce snaps to use Salesforce mutually authenticated transport layer security authentication providing an additional layer of security. Mutual Authentication is also known as two-way authentication, as both the client and the server authenticate and verify themselves using Client Certificate Authentication. Each time you connect to a Salesforce API, the server checks if the client's certificate is valid for the client's org, and also checks the validity of the session ID using the Username, Password, and the Security Token.
Prerequisites
- Valid CA signed certificate.
KeyStore file with an intermediate certificate.
Limitations
- This account is not supported for Salesforce Subscriber and Salesforce Publisher Snaps.
- Mutual Authentication is intended for API use only and not for using any other services through the user interface (Salesforce.com).
Known Issue
Salesforce Mutual Authentication account fails on validation when you create the account for the first time and save it. As a workaround, click Apply and then click Validate for successful validation of the account.
Account Settings
Field Name | Field Type | Description |
---|---|---|
Label* Default Value: [None] | String | Specify a name for the account instance. |
Username* Default Value:N/A | String | Specify a name for this account. |
Password* Default Value: N/A | String | Specify the password for the account. |
Security token Default Value: N/A | String | Specify a security token. To create a security token, log into your account in Salesforce and navigate to Personal Setup > My Personal Information > Reset My Security Token. |
Keystore* Default Value:N/A | String | Enter the location of the KeyStore file that can be in your SLDB or any other unauthenticated endpoints. The Keystore value must include intermediate certificates; however, including root certificate is optional. If the file is in the same folder, you can enter only the filename. If not, you must enter the complete absolute path, for example, if the Keystore file “snaplogic_SF.jks” is in the projects/shared project of QA org and the pipeline is not in the same project, then you should enter: A relative path for Keystore file causes the account to fail if the pipeline is in global shared project and Keystore file is in another project. A relative path might not always work. |
Keystore Password* Default Value: N/A | String | Enter the password for the KeyStore. |
Login URL Default Value: N/A | String | Enter your salesforce.com login URL if it is different from "https://login.salesforce.com/". Usually it is not required, but if you are using CipherCloud for Salesforce, you should enter the login URL issued by CipherCloud with the Sandbox checkbox deselected. |
Sandbox Default Value: Deselected | N/A | Select this option if the username is for a sandbox account or deselect if it is for a production account. |
Troubleshooting
Error | Reason | Resolution |
---|---|---|
Keystore error | The Salesforce Mutual Authentication account fails if the Keystore file and pipeline are in different projects. | If the file is in the same folder, you can enter only the filename. If not, you must enter the complete absolute path. |
Error occurred while executing request to Salesforce.com | The input view document data is not a Map. | Ensure that the input view document data is a map. |
Client certificate error: unable to get local issuer certificate. | The certificate chain is incomplete or missing. | You should get the intermediate certificate to attach to the pem. For more information about creating creating certificate chain, see Salesforce Mutual Authentication Setup. |
Unable to load Private Key. | Expects Private Key. | Follow the instructions in stack overflow link and update the encoded type of private key file using Notepad++. |
| When you use the default Login URL and validate the Account, it encounters a connection timeout error. | Provide the complete host name of the Salesforce instance for the Mutual Authentication Account. |