Configure Salesforce (Legacy) Integration
K2 integrates with Salesforce.com through the Salesforce Service Broker. One can register an instance of this broker that points to a Salesforce account, which exposes entities within that company as Service Objects that are referenced by SmartObjects. These SmartObjects can in turn be consumed by SmartForms, workflows, reports and other SmartObject consumers.
Salesforce is disabling the TLS 1.0 encryption protocol across their services in July of 2017. At that time all inbound or outbound connections to Salesforce must use the TLS 1.1 or TLS 1.2 encryption protocol. For more information on the Salesforce changes, see the following two articles:
Also see the K2 article KB001764 for information.
Until July 2017 you can disable this TLS 1.1 requirement in your Salesforce account, reverting to TLS 1.0, and your K2 integration with Salesforce will continue to work.
The Broker Management tool, Salesforce security provider, Salesforce SmartObject Service Instance and Salesforce SmartObject Instance Generator have been updated to .NET 4 to support TLS 1.1/TLS 1.2.
Once the WSDL (Web Services Description Language) file has been downloaded from Salesforce, an administrator account must generate the required infrastructure for the Salesforce instance. Other than facilitating a level of integration with the Salesforce site, Administrator level tasks are performed from the Salesforce site and are beyond the scope of this documentation.
Salesforce Integration Resources
There are various additional resources and extensive documentation available on the Salesforce web site which are accessible once an account has been created. For an in depth discussion on the technical aspects of the Salesforce web site, refer to the documentation provided by Salesforce which includes online help and PDFs available for download.
K2 and Salesforce
The process of integrating your organization with Salesforce is divided into a number of steps.
- Create a Salesforce user account and generate a security token for your password.
- Download the service WSDL.
- Prepare to generate the service instance.
- Generate the service instance of Salesforce in the K2 Service Broker.
- Cache the Salesforce credentials.
- Create a K2 Salesforce SmartObject and the required property mappings.
- Build a form that interacts with the K2 Salesforce centric SmartObject.
The Salesforce user account is created on the site http://developer.salesforce.com. The individual representing the organization or company creates a user account using an e-mail address and password. Once registered, Salesforce will send a confirmation email to the user account. Follow the instructions in the email.
The login credentials are used later on in the integration process to authenticate against the Salesforce site so keep them handy.
Once the account has been created, a security token for the chosen password must be generated.
The steps below describe how to do this:
- Log into the Salesforce web site. The Getting Started Salesforce page is displayed.
- Click the login name in the upper right corner of the page to display a menu. Select My Settings from this menu.
- Click Personal in the navigation bar on the left of the page to expand the menu, then select the Reset Security Token item. Read the important information on the page.
- Salesforce will send an e-mail with the new security token. This token must be appended to the account password to access Salesforce from within K2.
Salesforce supplies a Web Services Description Language (WSDL) file to its customers. The WSDL file enables the developer to integrate with Salesforce using the Salesforce API.
The method of generating the WSDL file is beyond the scope of this document but full details can be found on this site: Salesforce: SOAP API Developer Guide.
Once you have the WSDL file you can distribute it amongst the developers in your organization and use it to generate the files required for developing solutions in conjunction with Salesforce.
As a prerequisite to generating the service instance, the Windows SDK .NET Framework 4 must be installed. See the K2 Product Compatibility, Integration and Support matrix for supported versions.
A Windows Registry entry of type String must be created in the following branch: HKLM > Software > Microsoft > .NETFramework with the following data:
Value name: SDKInstallRootv4.0
Value data: C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\ (the SDK is installed to this folder by default).
Before the service instance can be registered and used, it needs to be generated. This is done by using the Broker Manager.
- The Broker Manager is started by browsing to the ServiceBroker folder in the K2 installation folder and running the BrokerManagement.exe file ("%ProgramFiles%\K2\ServiceBroker\BrokerManagement.exe").
- Select the Salesforce Instance Generator from the list:
- Fill in the Salesforce Instance Generator page, remembering to append the security token generated earlier to your password.
The Instance destination path should be a short path with no spaces or ( ) in it, as these characters will cause an error.
Once the files have been generated, they can be copied to "%ProgramFiles%\K2\ServiceBroker\Salesforce" and registered from there.
As Salesforce requires TLS 1.1/TLS 1.2 from July 2017, you must use the Latest Available or .NET v 4 options in the MS .NET version box as prior versions do not support TLS 1.1/TLS 1.2.
- Choose to register the DLLs and enter credentials (remember that security token with the password).
- Once the DLLs have been registered it is important to restart the server to allow for the caching credentials step.
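The prerequisites and the destination-path rule above can be checked before starting the Broker Manager. The following PowerShell script is an added example, not part of the K2 documentation or tooling; the default value of $InstancePath is a hypothetical folder name and should be replaced with your own.

```powershell
# Added example: pre-flight checks before running BrokerManagement.exe.
# $InstancePath is a hypothetical destination folder; pass your own value.
param(
    [string]$InstancePath = 'C:\K2SF'
)

$regKey    = 'HKLM:\SOFTWARE\Microsoft\.NETFramework'
$valueName = 'SDKInstallRootv4.0'
# Default SDK folder as given on this page; used only in the suggested fix.
$sdkRoot   = 'C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\'
$problems  = @()

# 1. The registry value must exist, be of type String and point to an existing folder.
$key = Get-Item -Path $regKey -ErrorAction SilentlyContinue
if (-not $key -or ($key.GetValueNames() -notcontains $valueName)) {
    $problems += "Registry value '$valueName' is missing under $regKey. " +
                 "From an elevated prompt run: New-ItemProperty -Path '$regKey' " +
                 "-Name '$valueName' -PropertyType String -Value '$sdkRoot'"
} else {
    $kind = $key.GetValueKind($valueName)
    $data = [string]$key.GetValue($valueName)
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::String) {
        $problems += "'$valueName' has type $kind; it must be String."
    }
    if (-not (Test-Path -LiteralPath $data -PathType Container)) {
        $problems += "'$valueName' points to '$data', which does not exist. Check the SDK installation."
    }
}

# 2. The instance destination path must not contain spaces or ( ).
if ($InstancePath -match '[\s()]') {
    $problems += "Instance destination path '$InstancePath' contains a space or ( ), which causes an error."
}

# Report: one warning per problem, non-zero exit code if anything failed.
if ($problems.Count -eq 0) {
    Write-Output 'Prerequisites look correct.'
} else {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
```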
Considerations
The Generate button will generate the necessary DLLs from the WSDL. After some time, which depends on the connection to Salesforce and the complexity and quantity of Salesforce objects to generate, a dialog box will ask if you want to register the DLLs. If there is an issue during the registration and you need to cancel out, you can use the Register button after sorting out the issue instead of re-generating the files (re-generating the files can be time consuming). Be sure to provide the same Instance destination path and This instance name in the dialog that comes up as you entered when generating the DLLs.
The final step is to cache your credentials by selecting the Cache Salesforce Credentials option. Remember to append the token to the password.
Issue:
A Salesforce service instance is created and some SmartObjects are created.
The application that uses the SmartObjects cannot execute their methods unless you have cached the Salesforce credentials in Workspace while being logged in as yourself. The application needs to use impersonation, so as long as the impersonated person has cached their credentials beforehand, the SmartObject methods will execute successfully. If you do not cache your credentials, the exception thrown is "No Credentials Cached for this label".
Workaround:
To avoid the requirement that each end user needs to cache Salesforce.com credentials in order for a SmartObject method to execute, perform the following:
- Ensure that the web application using the SmartObjects is running under an app pool account that is in turn configured to run under a service account user identity (i.e. not a predefined service).
- In your browser, log into Workspace as that app pool service account user and drill into "K2 Management > Smart Objects > Services > Salesforce Service". Select the service instance that you are using and click ’Credentials’, then enter the Salesforce credentials. Ensure that you append the Salesforce token to your password.
- In the web application code, you need to:
- Remove impersonation.
- Sign into the SmartObject server.
- Execute the SmartObject methods once you are done with the connection.
- Resume impersonation.
By removing impersonation during sign in, the K2 server will pick up the service account user in the app pool that this application is running under.
Web application code:
// Requires: using System; using SourceCode.SmartObjects.Client;
// ... (preceding application code)
object retVal = null, paramValue = "Some_Value";
// Stop impersonation. Until ctx.Undo() runs, every call on this thread is made
// as the app pool service account, not as the end user.
System.Security.Principal.WindowsImpersonationContext ctx = System.Security.Principal.WindowsIdentity.Impersonate(IntPtr.Zero);
try
{
    // Connect inside the try block so that a failed sign-in still resumes impersonation.
    SmartObjectClientServer clientServer = new SmartObjectClientServer();
    clientServer.CreateConnection();
    clientServer.Connection.Open("Integrated=True;IsPrimaryLogin=True;Authenticate=True;EncryptedPassword=False;Host=[YOUR_K2_HOST];Port=5555"); // conn string hard-coded for simplicity.
    SmartObject soOpportunity = clientServer.GetSmartObject("sfOpportunity"); // or whatever your smart object is named.
    // replace quoted values with your own values.
    soOpportunity.Methods["methodToExecute"].Parameters["paramName"].Value = (string)paramValue;
    soOpportunity.MethodToExecute = "methodToExecute";
    clientServer.ExecuteScalar(soOpportunity);
    retVal = soOpportunity.Properties["returnPropertyName"].Value;
    // ... (further SmartObject calls)
}
catch (SourceCode.Hosting.Exceptions.AuthenticationException authEx)
{
    // Keep the original exception as InnerException so the stack trace is not lost.
    throw new Exception("SourceCode.Hosting.Exceptions.AuthenticationException: " + authEx.Message, authEx);
}
finally
{
    // Resume impersonation. This runs on success and on every exception path,
    // so the catch block does not need to call Undo() itself.
    if (ctx != null)
    {
        ctx.Undo();
    }
}