TIB Provider not found error

Sunayana_Sarangi · September 27, 2018, 11:10am

Hi Team,

I am trying to use tyk identity broker with salesforce as the identity provider. I have setup a profile for salesforce using the api and made required changes in my profiles.json file. However I am getting a “Provider not found” error. Is this because I have missed some configuration or is it because tyk doesnot have configurations for salesforce as identity provider.

My profiles.json file is
[
{
“ActionType”: “GenerateOrLoginUserProfile”,
“ID”: “1”,
“IdentityHandlerConfig”: {“DashboardCredential”: “2486ee5c73864fc77be703802151d5c3”},
“MatchedPolicyID”: “5ba8ea4cac747b15411c46ec”,
“OrgID”: “5ba8e381ac747b15411c46ea”,
“ProviderConfig”: {
“CallbackBaseURL”: “http://f40729df.ngrok.io”,
“FailureRedirect”: “https://embeded-login.herokuapp.com”,
“UseProviders”: [{
“Key”: “",
“Name”: “salesforce”,
“Secret”: "",
“DiscoverURL”: "*****/.well-known/openid-configuration”
}]
},
“ProviderName”: “ProxyProvider”,
“ReturnURL”: “https://embeded-login.herokuapp.com”,
“Type”: “redirect”
}
]

tyk.conf file:
{
“listen_port”: 8080,
“node_secret”: “352d20ee67be67f6340b4c0605b044b7”,
“secret”: “352d20ee67be67f6340b4c0605b044b7”,
“template_path”: “/opt/tyk-gateway/templates”,
“use_db_app_configs”: true,
“db_app_conf_options”: {
“connection_string”: “”,
“node_is_segmented”: false,
“tags”:
},
“disable_dashboard_zeroconf”: false,
“app_path”: “/opt/tyk-gateway/apps”,
“middleware_path”: “/opt/tyk-gateway/middleware”,
“storage”: {
“type”: “redis”,
“host”: “localhost”,
“port”: 6379,
“username”: “”,
“password”: “”,
“database”: 0,
“optimisation_max_idle”: 2000,
“optimisation_max_active”: 4000
},
“enable_analytics”: true,
“analytics_config”: {
“type”: “”,
“ignored_ips”: ,
“enable_detailed_recording”: true,
“enable_geo_ip”: false,
“geo_ip_db_path”: “”,
“normalise_urls”: {
“enabled”: true,
“normalise_uuids”: true,
“normalise_numbers”: true,
“custom_patterns”:
}
},
“health_check”: {
“enable_health_checks”: false,
“health_check_value_timeouts”: 60
},
“optimisations_use_async_session_write”: true,
“allow_master_keys”: false,
“policies”: {
“policy_source”: “service”,
“policy_connection_string”: “”,
“policy_record_name”: “tyk_policies”,
“allow_explicit_policy_id”: true
},
“hash_keys”: true,
“suppress_redis_signal_reload”: false,
“use_redis_log”: true,
“close_connections”: false,
“enable_non_transactional_rate_limiter”: true,
“enable_sentinel_rate_limiter”: false,
“experimental_process_org_off_thread”: false,
“local_session_cache”: {
“disable_cached_session_state”: false
},
“http_server_options”: {
“enable_websockets”: true
},
“uptime_tests”: {
“disable”: false,
“config”: {
“enable_uptime_analytics”: true,
“failure_trigger_sample_size”: 2,
“time_wait”: 10,
“checker_pool_size”: 50
}
},
“hostname”: “”,
“enable_custom_domains”: true,
“enable_jsvm”: true,
“oauth_redirect_uri_separator”: “;”,
“coprocess_options”: {
“enable_coprocess”: false,
“coprocess_grpc_server”: “”
},
“pid_file_location”: “./tyk-gateway.pid”,
“allow_insecure_configs”: true,
“public_key_path”: “”,
“close_idle_connections”: false,
“allow_remote_config”: false,
“enable_bundle_downloader”: true,
“bundle_base_url”: “”,
“global_session_lifetime”: 100,
“force_global_session_lifetime”: false,
“max_idle_connections_per_host”: 500
}

Any help will be greatly appreciated.
Thanks
Sunayana

Josh · September 27, 2018, 11:25am

Hi

TIB does not currently support saleforce as a provider, however Tyk Identity Broker is an open source project so you can either fork it or make the change you need to get it working and submit a pull request.

You can see the list of supported providers in the code here:

github.com

TykTechnologies/tyk-identity-broker/blob/41a31626310769914197198c19e47257675cb225/providers/social.go#L90


      
          	s.toth = toth.TothInstance{}
          	s.toth.Init()
          
          
	unmarshallErr := json.Unmarshal(config, &s.config)
          	if unmarshallErr != nil {
          		return unmarshallErr
          	}
          
          
	// TODO: Add more providers here
          	gothProviders := []goth.Provider{}
          	for _, provider := range s.config.UseProviders {
          		switch provider.Name {
          		case "gplus":
          			gothProviders = append(gothProviders, gplus.New(provider.Key, provider.Secret, s.getCallBackURL(provider.Name)))
          
          
		case "github":
          			gothProviders = append(gothProviders, github.New(provider.Key, provider.Secret, s.getCallBackURL(provider.Name)))
          
          
		case "twitter":
          			gothProviders = append(gothProviders, twitter.New(provider.Key, provider.Secret, s.getCallBackURL(provider.Name)))

Thanks
Josh

Josh · September 27, 2018, 11:26am

I checked and salesforce is a possibly provider you can add.

Thanks

Sunayana_Sarangi · September 27, 2018, 12:23pm

Hi Josh,

thankyou so much, I will try and get back.

Thanks
Sunayana

Yaara · September 27, 2018, 1:42pm

Hi
Please change the name to from “salesforce” to “openid-connect”. We support ANY provider that follow the OIDC standards (with /authorize and /token calls).

This is the line in the code:

github.com

TykTechnologies/tyk-identity-broker/blob/87caa4e62004620a989774c29e78f290cf88fc67/providers/social.go#L113


      
          
          
		case "dropbox":
          			gothProviders = append(gothProviders, dropbox.New(provider.Key, provider.Secret, s.getCallBackURL(provider.Name)))
          
          
		case "digitalocean":
          			gothProviders = append(gothProviders, digitalocean.New(provider.Key, provider.Secret, s.getCallBackURL(provider.Name)))
          
          
		case "bitbucket":
          			gothProviders = append(gothProviders, bitbucket.New(provider.Key, provider.Secret, s.getCallBackURL(provider.Name)))
          
          
		case "openid-connect":
          
          
			gProv, err := openidConnect.New(provider.Key, provider.Secret, s.getCallBackURL(provider.Name), provider.DiscoverURL)
          			if err != nil {
          				log.Error(err)
          				return err
          			}
          
          
			// See https://godoc.org/golang.org/x/oauth2#RegisterBrokenAuthHeaderProvider
          			if provider.DisableAuthHeaderProviderDomain != "" {
          				oauth2.RegisterBrokenAuthHeaderProvider(provider.DisableAuthHeaderProviderDomain)

Thanks
Yaara

Sunayana_Sarangi · September 27, 2018, 2:27pm

Hi Yerra, thanks. I have a followup question. For the MatchedPolicyId I am crreating an API and a policy. Do I need to create an OpenID Api and a matched policy?

Sunayana_Sarangi · September 28, 2018, 9:34am

Hi Team,

i was able to solve the “Provider not found” issue by changing the provider name to “openid-connect” and I am successfully being redirected to the salesforce login page. However, the callback is failing. I am getting this error “The requested URL /auth/2/openid-connect/callback” was not found on this server. Can anyone help with this?

PS: I am running tib in a virtual box and using ngrok to redirect 80 to localhost:3010. I am not sure if this information is useful, just in case.

Thanks,
Sunayana

Josh · September 28, 2018, 1:15pm

That error is not coming from Tyk from what i can tell. Where do you see it?

Sunayana_Sarangi · September 28, 2018, 1:30pm

Hi Josh,

I am getting this error when I login to the salesforce login screen after the authentication starts. On the address bar I see the authorization code from salesforce. The callback to exchange the token for the code is not happening. I am following the tutorial for setting up SSO with okta.

Sunayana_Sarangi · October 1, 2018, 11:44am

Hi Josh,

i figured out that this error was due to my bad, I forwarded the ngrok to 80 instead of 3010 due to which the callback was not happening.

Thanks
Sunayana

jowin_leo · December 15, 2020, 3:20am

Thank for your help bro, for more visit the leading Salesforce development company in USA for more details