Tuesday, April 4, 2017

Integration of Adobe Experience Manager(AEM) with Salesforce - Part2

Integration of Adobe Experience Manager(AEM) with Salesforce - Part2

This post will explain the common issues faced while integrating Salesforce with Adobe Experience Manager(AEM).

Refer https://www.albinsblog.com/2017/03/integrationofaemcq5withsalesforcepart1.html for details on integrating Salesforce with Adobe Experience Manager(AEM)


The redirect_mismatch error will be displayed if the calback URL configured in the Salesforce connected app and the redirect_uri send by the Adobe Experience Manager(AEM) Connector is not matching.

Verify the callback URL configured in the Salesforce connected app is same as the value send by AEM connector.
Make sure the AEM Salesforce connector is opened via https URL

Error in getting access token - Not able to connect to Salesforce login URL(login.salesforce.com/test.salesforce.com): 

Getting the below error while the connector is trying to connect to the Salesforce.

Error in the log file 

20.03.2017 21:20:34.791 *ERROR* [ [1490062750762] GET /libs/mcm/salesforce/customer.json HTTP/1.1] com.adobe.cq.mcm.salesforce.SalesforceClient Error while Executing POST/PUT Request to Salesforce.com: 

org.apache.http.conn.HttpHostConnectException: Connect to login.salesforce.com:443 [login.salesforce.com/, login.salesforce.com/, login.salesforce.com/, login.salesforce.com/] failed: Connection timed out: connect

Based on the analysis the connector is not able to connect to Salesforce server behind proxy.

The proxy server configured in "HTTP Client 3."1 and  "Apache HTTP Components Proxy Configuration" are not considered for connection.

This is the defect in connector, follow the steps in the URL https://www.albinsblog.com/2017/04/updating-salesforce-connector-jarcq-mcm-salesforce-adobe-cq5-aem.html#.WOMn4mkrLIU to apply the quick fix and raise the ticket with Adobe to get the hotfix until the issue is permanently fixed.

Error in getting access token:invalid_grant while connecting to test.salesforce.com:

invalid_grant  error is  thrown while the connector is trying to connect to test.salesforce.com

The root cause of this issue is the connector always defaulting the authorization_url to login.salesfore.com in /libs/mcm/salesforce/components/salesforcepage/dialog/items/tabs/items/basic/items/authorizationUrl

Change the value to test.salesforce.com to connect to test.salesforce.com

TLS 1.0 not supported issue: 

The TLS 1.0 is not supported by salesforce and TLS 1.1 or TLS 1.2 is require to establish the connectivity.

The following exception is thrown in the log file

<table width="100%" height="100%" border="0">
<tr><td width="100%" height="100%"><div class="content"><h1>Stronger security is required</h1><div class="simple"><p>To access this website, update your web browser or upgrade your operating system to support TLS 1.1 or TLS 1.2.</p><p>For more information, see <a href="https://help.salesforce.com/HTViewSolution?id=000221207&amp;language=en_US" target="_blank">Salesforce disabling TLS 1.0</a>.

 at com.adobe.cq.mcm.salesforce.internal.SalesforceSecretServlet.getAccessToken(SalesforceSecretServlet.java:157)
        at com.adobe.cq.mcm.salesforce.internal.SalesforceSecretServlet.doGet(SalesforceSecretServlet.java:170)
        at org.apache.sling.api.servlets.SlingSafeMethodsServlet.mayService(SlingSafeMethodsServlet.java:269)
        at org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.java:345)
        at org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.java:376)
        at org.apache.sling.engine.impl.request.RequestData.service(RequestData.java:533)

This exception will be thrown if the AEM server is running with JRE version below 1.8.

The TLS 1.1 or TLS 1.2 is not by default supported by Java 1.7, follow the steps in the URL https://www.albinsblog.com/2017/04/updating-salesforce-connector-jarcq-mcm-salesforce-adobe-cq5-aem.html#.WOMn4mkrLIU to enable the TLS 1.1 or TLS 1.2 for the connector

invalid_grant - token validity expired: 

This error will be thrown when the refresh_token is expired.

28.03.2017 23:41:40.184 *ERROR* [0:0:0:0:0:0:0:1 [1490724696957] GET /content/training/en/salesforce/jcr:content/par/salesforcesearch.html HTTP/1.1] com.adobe.cq.mcm.salesforce.SalesforceClient Can't refresh access token. Response: {"error":"invalid_grant","error_description":"token validity expired"}

Verify the Refresh Token Policy is configured as "Refresh token is valid until revoked" in Salesforce connected app.

Error in getting access token - invalid_client_id: 

This error will be thrown if the Customer key/Customer secret configured in the connector is wrong or the connected app is created recently, we have to wait 2 to 10 minutes after creating/modifying the connected app in Salesforce to reflect the configurations.

Permission issue to establish the connectivity: 

The Salesforce connected app should be provided the below two OAuth scopes to allow the AEM connection, this two scopes should be selected even after the providing the full access.

No error will be thrown in the connector but the connectivity will not be success.

The screen will be displayed if the connectivity is success with out any issues.

1 comment: