function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Sheila AvilesSheila Aviles 

Encrypting username and password

WE are looking to integrate Salesforce.com with our Oracle Ebiz systems using Oracle SOA BPEL process.  We will not be using the Salesforce Adapter.  

The Steps with BPEL is to log in then get the session ID and URL

When logging in we need the user name and password

Is there a way that we can have the username and password encrypted?

How can I go about doing that in BPEL

thank you
Sumitkumar_ShingaviSumitkumar_Shingavi
You can use Apex Crypto class for creating digests. Here is the detail documentation: https://developer.salesforce.com/page/Apex_Crypto_Class
 
You can use required algorithm as per your need.

Hope this helps! If yes, then mark it as solution.
Sheila AvilesSheila Aviles
I'm sorry I'm new to this.  Can you tell me how I can do this using BPEL process?

I'm assuming the the bpel process will log in to SFDC using encrypted password?

here is my log in code
<sequence name="SFDCLogin">
        <assign name="AssignLogin">
          <copy>
            <from variable="inputVariable" part="payload"
                  query="/ns2:SFDC_Quote_Request/ns2:SFDC_User_Name"/>
            <to variable="SFDC_LOGIN_lInputVariable" part="parameters"
                query="/ns1:login/ns1:username"/>
          </copy>
          <copy>
            <from variable="inputVariable" part="payload"
                  query="/ns2:SFDC_Quote_Request/ns2:SFDC_Password"/>
            <to variable="SFDC_LOGIN_lInputVariable" part="parameters"
                query="/ns1:login/ns1:password"/>
          </copy>
        </assign>
      <invoke name="Invoke_SFDC_LOGIN" inputVariable="SFDC_LOGIN_lInputVariable"
              outputVariable="SFDC_LOGIN_OutputVariable"
              partnerLink="SFDC_ENTERPRISE_REF" portType="ns1:Soap"
              operation="login" bpelx:invokeAsDetail="no"/>
          </sequence>
    </scope>

But i want to make sure that the password is encrypted.

Do I encrypt is then pass it to the variable and SFDC will decrypt it?
Sumitkumar_ShingaviSumitkumar_Shingavi
I think you need to pass Password+SecurityToken in place of "SFDC_Password" and that should make it a go! You can't send encrypted password as salesforce needs it in original form.
Sheila AvilesSheila Aviles
yes passing the password+token works but i need to figure out a different way of passing the password with out  it displaying.  

One suggestion I got was to use CSF-key

This is what i have in my composite

  <reference name="SFDC_ENTERPRISE_REF"
             ui:wsdlLocation="oramds:/apps/SALESFORCE_WSDL/SFDCEnterprise_Sandbox.wsdl">
    <interface.wsdl interface="urn:enterprise.soap.sforce.com#wsdl.interface(Soap)"/>
    <binding.ws port="urn:enterprise.soap.sforce.com#wsdl.endpoint(SforceService/Soap)"
                location="oramds:/apps/SALESFORCE_WSDL/SFDCEnterprise_Sandbox.wsdl"
                soapVersion="1.1">
      <wsp:PolicyReference URI="oracle/wss_username_token_client_policy"
                           orawsp:category="security" orawsp:status="enabled"/>
      <property name="weblogic.wsee.wsat.transaction.flowOption"
                type="xs:string" many="false">WSDLDriven</property>
      <property name="csf-key" type="xs:string" many="false">SFDC_Key</property>
    </binding.ws>
  </reference>

theoretically the username and password from the csf key will be passed and use to log in.  But when i execute i get the following


<messages>
<input>
<SFDC_LOGIN_lInputVariable>
<part  name="parameters">
<login/>
</part>
</SFDC_LOGIN_lInputVariable>
</input>
<fault>
<bpelFault>
<faultType>1</faultType>
<LoginFault>
<part  name="fault">
<sf:LoginFault  xsi:type="sf:LoginFault">
<sf:exceptionCode>INVALID_LOGIN</sf:exceptionCode>
<sf:exceptionMessage>Invalid username, password, security token; or user locked out.</sf:exceptionMessage>
</sf:LoginFault>
</part>
</LoginFault>
</bpelFault>
</fault>
<faultType>
<message>1</message>
</faultType>
</messages>



 
Sumitkumar_ShingaviSumitkumar_Shingavi
I think you should be using a property file to store creds if problem is to hide them from code. If you want to hide them from sent request them I don't think it is feasible as Salesforce will not understand your own custom encryption.
Sheila AvilesSheila Aviles
I want to hide them from code

I am using the following but still not working
      <property name="csf-key" type="xs:string" many="false">SFDC_Key</property>

Can you tell me how i can pass the user name and password with out it displaying in the code?


 
Sumitkumar_ShingaviSumitkumar_Shingavi
Read below. Might help you: 1. https://developer.salesforce.com/page/Using_OAuth_to_Authorize_External_Applications 2. https://developer.salesforce.com/page/Secure_Coding_Storing_Secrets Thanks, Sumit
Sheila AvilesSheila Aviles
You've been a great help!!!

I see how i can set up OAUTH in Salesforce and take the consumer key.

Do you know how i can use this in BPEL?

Or do I just add a java embedding until I get the session ID and Server URL?

thank you