Helen He (NEWBIE, 65 Points, Member since 2019)
Hi All,

We are going to use Salesforce as the IdP and WebLogic as the SP, which hosts our existing Java web apps, and we are thinking about the OAuth 2.0 JWT Bearer Token Flow for the SSO.

Basically, the user logs into our customized community and clicks a link which redirects the user to the external web apps via an HTTP request; a bearer token with extra claims is set in the Authorization header. Our Java web app doesn't need to talk back to Salesforce; it just needs to validate the JWT token for the authentication.

I created a connected app with a digital signature and created a JWT token with extra claims using Apex Auth.JWT. Then I verify the JWT using jose4j in Java, but I get the following error while validating the JWT in Java. I use https://login.salesforce.com/id/keys as the key resolver since I use my developer account to create the JWT token.

org.jose4j.jwt.consumer.InvalidJwtException: Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable verification key for JWS 

Any input is appreciated.

Here are the links I followed for the implementation:
https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_class_Auth_JWTBearerTokenExchange.htm
https://help.salesforce.com/articleView?id=remoteaccess_asset_token_using_validating.htm&type=5

And here is my code.
Apex code for generating the JWT:
// Build the JWT claims: subject, audience and issuer (the connected app's consumer key)
Auth.JWT jwt = new Auth.JWT();
jwt.setSub('XX@XXX.XXX');
jwt.setAud('https://login.salesforce.com');
jwt.setIss('3MVG9KsVczVNcM8y.FPNyZ.BU9I1hnzFYR1VBtqxIyA2mJoJ8zsHwzEE8GkytJwXWhSTwulBu14ecCMp3XV2q');

// Additional claims to set scope
Map<String, Object> claims = new Map<String, Object>();
claims.put('scope', 'scope name');

jwt.setAdditionalClaims(claims);

// Create the object that signs the JWT bearer token with the named certificate
Auth.JWS jws = new Auth.JWS(jwt, 'SelfSignedCert_02Feb2019_210623');

// Get the resulting JWS in case debugging is required
String token = jws.getCompactSerialization();


Generated JWT looks like this:
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlNlbGZTaWduZWRDZXJ0XzAyRmViMjAxOV8yMTA2MjMifQ.eyJpc3MiOiIzTVZHOUtzVmN6Vk5jTTh5LkZQTnlaLkJVOUkxaG56RllSMVZCdHF4SXlBMm1Kb0o4enNId3pFRThHa3l0SndYV2hTVHd1bEJ1MTRlY0NNcDNYVjJxIiwic3ViIjoiemhlQG5ibWUub3JnIiwiYXVkIjoiaHR0cHM6Ly9sb2dpbi5zYWxlc2ZvcmNlLmNvbSIsImlhdCI6MTU1NTYwMzc4NywibmJmIjoxNTU1NjAzNzU3LCJleHAiOjE1NTU2MDQwODcsImp0aSI6IjJjZjg1ZTE5LTE1MjMtNDgyNS04MjEyLTcwNzQ2NTcwNDk1NSIsInNjb3BlIjoic2NvcGUgbmFtZSJ9.WU3QTDA5ixc1dG5fTYtdHKbkNoTglFYfu9XznzeqEAq6w44db

Java code for validation:
import org.jose4j.jwk.HttpsJwks;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.keys.resolvers.HttpsJwksVerificationKeyResolver;

final String ISSUER = "https://login.salesforce.com";
final String KEY_ENDPOINT = ISSUER + "/id/keys";
final String AUDIENCE = "https://login.salesforce.com";

boolean isValidAssetToken = false;
String assetToken = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlNlbGZTaWduZWRDZXJ0XzAyRmViMjAxOV8yMTA2MjMifQ.eyJpc3MiOiIzTVZHOUtzVmN6Vk5jTTh5LkZQTnlaLkJVOUkxaG56RllSMVZCdHF4SXlBMm1Kb0o4enNId3pFRThHa3l0SndYV2hTVHd1bEJ1MTRlY0NNcDNYVjJxIiwic3ViIjoiemhlQG5ibWUub3JnIiwiYXVkIjoiaHR0cHM6Ly9sb2dpbi5zYWxlc2ZvcmNlLmNvbSIsImlhdCI6MTU1NTYwMzc4NywibmJmIjoxNTU1NjAzNzU3LCJleHAiOjE1NTU2MDQwODcsImp0aSI6IjJjZjg1ZTE5LTE1MjMtNDgyNS04MjEyLTcwNzQ2NTcwNDk1NSIsInNjb3BlIjoic2NvcGUgbmFtZSJ9.WU3QTDA5ixc1dG5fTYtdHKbkNoTglFYfu9XznzeqEAq6w44db";

// The HttpsJwksVerificationKeyResolver uses JWKs obtained from the HttpsJwks and
// selects the most appropriate one to use for verification based on the Key ID and other factors
// provided in the header of the JWS/JWT.
HttpsJwks httpsJkws = new HttpsJwks(KEY_ENDPOINT);
HttpsJwksVerificationKeyResolver httpsJwksKeyResolver = new HttpsJwksVerificationKeyResolver(httpsJkws);

// The JwtConsumer establishes the rules for validation of our asset token.
JwtConsumer jwtConsumer = new JwtConsumerBuilder()
        .setVerificationKeyResolver(httpsJwksKeyResolver)
        .setRequireExpirationTime() // The JWT must have an expiration time.
        .setAllowedClockSkewInSeconds(30) // Allow some leeway in validating time-based claims to account for clock skew.
        .setExpectedIssuer(ISSUER) // Entity that the asset token must be issued by.
        .setExpectedAudience(AUDIENCE) // Entity that the asset token is intended for.
        .build(); // Create the JwtConsumer instance.
try {
    // Validate the JWT and process it to the claims.
    JwtClaims jwtClaims = jwtConsumer.processToClaims(assetToken);
    isValidAssetToken = true;
} catch (InvalidJwtException e) {
    // InvalidJwtException is thrown if the asset token failed processing or validation.
    System.out.println("Invalid Asset Token: " + e);
}
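The token in the post has a header kid of SelfSignedCert_02Feb2019_210623 (the connected app's certificate label) and an iss equal to the connected app's consumer key. https://login.salesforce.com/id/keys publishes Salesforce's own signing keys, used for the ID tokens and asset tokens that the linked help article covers; a JWT signed by an org's self-signed certificate through Auth.JWS is not among them, so the resolver cannot find a key for that kid and jose4j reports UnresolvableKeyException. The expectedIssuer check would then fail as well, because iss is the consumer key, not https://login.salesforce.com. The added example below is not from the original post or from jose4j's documentation: it generates an RSA key pair as a stand-in for the connected app's certificate, signs claims the way the Apex code does, shows that a key set lacking that kid fails the same way, and then verifies with the certificate's public key pinned on the SP side. CONSUMER_KEY_PLACEHOLDER, the sample subject and the certificate file path in loadCertPublicKey are assumptions.

```java
// Added example (not from the original post): sign with a key pair standing in for the
// connected app's self-signed certificate, show the unresolvable-kid failure, then verify
// against the certificate's public key with issuer, audience and algorithm pinned.
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.keys.resolvers.JwksVerificationKeyResolver;

public class ConnectedAppJwtVerification {

    // Assumptions: the connected app's consumer key is the token's "iss" and the
    // certificate label is the "kid", as in the token shown in the post.
    static final String CONSUMER_KEY = "CONSUMER_KEY_PLACEHOLDER";
    static final String CERT_LABEL = "SelfSignedCert_02Feb2019_210623";
    static final String AUDIENCE = "https://login.salesforce.com";

    // Stands in for Auth.JWS in Apex: sign the claims with the certificate's private key.
    static String signLikeApex(RsaJsonWebKey certKey) throws Exception {
        JwtClaims claims = new JwtClaims();
        claims.setIssuer(CONSUMER_KEY);
        claims.setSubject("user@example.com"); // constructed sample subject
        claims.setAudience(AUDIENCE);
        claims.setIssuedAtToNow();
        claims.setNotBeforeMinutesInThePast(0.5f);
        claims.setExpirationTimeMinutesInTheFuture(5);
        claims.setGeneratedJwtId();
        claims.setClaim("scope", "scope name");

        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claims.toJson());
        jws.setKey(certKey.getPrivateKey());
        jws.setKeyIdHeaderValue(CERT_LABEL);
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        jws.setHeader("typ", "JWT");
        return jws.getCompactSerialization();
    }

    // SP side: pin the algorithm, the issuer (consumer key) and the audience, and verify
    // against the certificate's public key rather than a JWKS endpoint.
    static JwtConsumer spConsumer(PublicKey certPublicKey) {
        return new JwtConsumerBuilder()
                .setVerificationKey(certPublicKey)
                .setJwsAlgorithmConstraints(new AlgorithmConstraints(
                        ConstraintType.PERMIT, AlgorithmIdentifiers.RSA_USING_SHA256))
                .setExpectedIssuer(CONSUMER_KEY)
                .setExpectedAudience(AUDIENCE)
                .setRequireExpirationTime()
                .setRequireSubject()
                .setAllowedClockSkewInSeconds(30)
                .build();
    }

    // For production: load the certificate exported from Certificate and Key Management
    // (path is an assumption) and use cert.getPublicKey() with spConsumer above.
    static PublicKey loadCertPublicKey(String path) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            return cert.getPublicKey();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the connected app's self-signed certificate key pair.
        RsaJsonWebKey certKey = RsaJwkGenerator.generateJwk(2048);
        certKey.setKeyId(CERT_LABEL);
        String token = signLikeApex(certKey);

        // 1) A key set without the certificate's kid (what a resolver pointed at
        //    Salesforce's own key endpoint sees) cannot supply a verification key.
        RsaJsonWebKey unrelated = RsaJwkGenerator.generateJwk(2048);
        unrelated.setKeyId("some-other-kid");
        JwtConsumer wrongKeys = new JwtConsumerBuilder()
                .setVerificationKeyResolver(new JwksVerificationKeyResolver(
                        Collections.<JsonWebKey>singletonList(unrelated)))
                .setExpectedIssuer(CONSUMER_KEY)
                .setExpectedAudience(AUDIENCE)
                .build();
        try {
            wrongKeys.processToClaims(token);
        } catch (InvalidJwtException e) {
            System.out.println("Expected failure (UnresolvableKeyException): " + e.getMessage());
        }

        // 2) Verifying with the certificate's public key succeeds and yields the claims.
        JwtClaims claims = spConsumer(certKey.getPublicKey()).processToClaims(token);
        System.out.println("sub=" + claims.getSubject()
                + " scope=" + claims.getStringClaimValue("scope"));
    }
}
```

Pinning the key and the algorithm on the SP matters here because the SP never calls back to Salesforce: the certificate's public key is the only thing that ties a presented token to the connected app, and the issuer and audience checks stop a token minted for another app or audience from being accepted.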

 
I log into the community, click the user profile menu --> My Profile --> Settings & Preferences, and on the Account Details tab I see some fields. I checked the page layouts for the Account object, but they don't match. I'm wondering where the layout for the account details under My Settings is?
Thanks!

I log into the same org with the same account (System Administrator profile) in Classic view on Chrome on a different machine, and I noticed the Setup page layout is different.
My work machine lets me do an advanced search by Select Metadata; my home machine doesn't. Any idea what makes the difference? Thanks.

We defined a custom field Registration with data type Lookup on Case.
The registration is the parent, and the case is the child. The SOQL shows the registration has 2 related cases. But when I went to each case, I noticed that one case has the registration showing in the related list and the other doesn't. Any idea? Thanks!

I am a System Administrator, and the following view has a filter for all users having the System Administrator profile. I see that some admins have a Login link, so I can click Login to impersonate them, but some admins don't have the Login link. What causes the difference? They all have the same System Administrator profile.

Thanks.

I have 2 accounts, one a Trailhead account and the other a Developer Edition account; both accounts are assigned the System Administrator profile. When I am on the Setup Profiles page, I notice that the Trailhead account has the Edit action next to each profile even if it's a standard profile, but with the other account the Edit action is not there, no matter whether it's a custom or standard profile. Please see the screenshot. How do I get the Edit action enabled? Thanks.

 
I am exploring our current community via Community Builder, and I noticed that some custom components have the lightning icon next to them but some don't. Please see the screenshot; I'm wondering what makes the difference. All components have implements="forceCommunity:availableForAllPageTypes", so they are all available to the community.

I am exploring our current system, set up a year ago. We have some custom fields on the Account sObject, like medical school, etc. When I click Edit, I can edit the medical school info from the pop-up, but I cannot find the page layout for it. I looked at all the page layouts for Account, and none of them has the medical school fields in the account detail section. Where is the layout for the edit page? Thanks.

I am exploring our current system. In the App Launcher, I see 2 apps, xx's console and xx's services, that I can launch from the App Launcher, but I couldn't find them in Setup > App Manager. Is there anything I am missing? Thanks.
On the standard object Account, I cannot find the field IsPersonAccount from Setup > Object Manager, but I can see it from Workbench, and SOQL also returns that value.


 
I am reading the current code written by our contractors, and I noticed that there is a custom object which I am able to see from Workbench and the Developer Console, but cannot find in Setup > Object Manager. Any idea? Thanks!


I tried to open the Developer Console this morning from my work machine, tried different orgs, and all got an unknown error. What should I look at to fix the error?
Hello,

I'm new to Salesforce and am learning Apex web services.
Assuming there is no source-driven development in our team and developers write their own web services through the console, how can I get the whole list of existing Apex web services? Are there any utilities, or do I have to open each Apex class to figure it out?

Thanks.