Lexmark integrated Salesforce with Adobe Experience Manager using closed user groups to create customized portals. They developed a solution that creates a user repository in AEM synced from Salesforce. AEM closed user groups are based on Salesforce enrollments, with a login hook triggering synchronization. This addresses complications from maintaining portal data across multiple systems and user attributes.
1. AUGUST 17, 2015
INTEGRATING SFDC AND AEM
How Lexmark integrated SFDC with Closed User Groups to create customized portals
2. AGENDA
• Background
• The Problem
• The Approach
• Roadblocks
• Solution Architecture
• Replication/User Management
• SAML
• SFDC
• Demonstration
3. BACKGROUND
• About Lexmark
• 51 Public Sites in 23 languages
• 42 Partner Sites in 18 languages
• 20K+ Partner Accounts, 60K+ User Accounts
• Complicated user/company profile
• New programs added regularly
• SFDC is system of record
• Content visibility driven by enrollments/metadata in SFDC
“Lexmark sells its products and services in more than 170 countries, and is a recognized global leader by many of the technology industry’s leading market analyst firms. Lexmark has also acquired and integrated several strategic software companies since 2010, further expanding the company’s breadth of offerings to include innovative software solutions.”
4. THE PROBLEM
• Complicated Portal Ecosystem
• Data Maintenance Nightmare
• Volume of records to synchronize
• “Administration” access
• Provisioning lag time
• Company vs. Location vs. User attributes
“A single source for partner information.”
5. THE APPROACH
Did not work:
• Cache profile real-time from SFDC
• Client Context
• Full sync of user records
Solution:
• Create User Repository in AEM
• AEM Closed User Groups based on SFDC Enrollments
• Use a login hook in Shibboleth to trigger sync
• Develop admin screens/exception emails for troubleshooting
6. ROADBLOCKS
• Replication (Reverse/Pub2Pub)
• Workflows (Master/Slave)
• Latency in group enrollments
• Node corruption
• Queue Management
• Initial Migration
• SFDC record Listener
• ETL to other systems (i.e. DealerFinder, Virtual Solution Center)
7. THE SOLUTION (COMPONENTS)
• User Repository Data Model
• SFDC Endpoint/Security
• Shibboleth for SAML
• SCIM service for LDAP User Creation
• CUG Sync/Creation
• CUG Enrollment Service
• Admin Screens
• Exception Reporting
• Pub2Pub Replication
• Reverse Replication Enhancement
9. SAML
• AEM SAML maturity in an Enterprise
• Single Logout
• Multiple Domains
• Application server SAML vs. Webserver SAML
• Shibboleth planning considerations
• Shared Cache
• Login Hook
• Auto-provision internal users
• Security between webserver and app server
10. SFDC
Listeners
Custom End-Point for Users
Standard End-Point for Programs/Offers
Standard End-Point for New Users
LDAP User Creation
Cloud Connector (Encryption Key)
Posting Cases
11. THE SOLUTION (FLOW)
[Flow diagram; labels as extracted]
SiteMinder/Ping
SFDC
extsignon-partner.lexmark.com (IDM Login Screen)
Redirect to check auth
/bin/lexmark/login/sync
Apache/Shibboleth
partnernet.lexmark.com/dashboard
partner.perceptivesoftware.com
AEM User Repository (synced from SFDC)
sync servlet in aem-lexmark/partnernet (to update AEM User Db)
SFDC Returns enrollments/metadata
Returns user to original URL
Header passes assertion data to AEM
partnernet.lexmark.com
Originating URL appended as query string
Returns user to original URL
partner.perceptivesoftware.com
Originating URL appended as query string
12. THE SOLUTION (TODAY)
[Flow diagram; labels as extracted]
SiteMinder/Ping
SFDC
partners.lexmark.com
extsignon-partner.lexmark.com (IDM Login Screen)
Redirect to check auth
/bin/lexmark/login/sync
Apache/Shibboleth
redirect servlet in aem-lexmark/partnernet (logic for url, user combinations)
partnernet.lexmark.com/dashboard
partner.perceptivesoftware.com
lexmark.my.salesforce.com
AEM User Database (synced from SFDC)
sync servlet in aem-lexmark/partnernet (to update AEM User Db)
SFDC Returns enrollment for Communities Access
Originating URL appended as query string
Header passes assertion data to AEM
partners.lexmark.com/redirect
partnernet.lexmark.com
Originating URL appended as query string
Returns user to original URL
partner.perceptivesoftware.com
Originating URL appended as query string
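Both flow slides carry the originating URL in a query string and return the user to it after the sync. The following is an added example, not Lexmark's code, of how a redirect servlet could validate that value before redirecting. The class and method names are hypothetical, and it assumes the value is an absolute https URL, that the three portal hosts named on the slides form the complete allowlist, and that rejected values fall back to the dashboard.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added example, not Lexmark's code. Class and method names are hypothetical.
public class ReturnUrlValidator {
    // Hosts named on the flow slides; treating them as the full allowlist is an assumption.
    private static final Set<String> ALLOWED_HOSTS = Set.of(
            "partnernet.lexmark.com", "partners.lexmark.com",
            "partner.perceptivesoftware.com");

    // Fallback used when the originating URL is missing or rejected (assumed choice).
    private static final String DEFAULT_TARGET = "https://partnernet.lexmark.com/dashboard";

    /** Returns the originating URL if it is safe to redirect to, else the default. */
    public static String safeTarget(String originatingUrl) {
        if (originatingUrl == null || originatingUrl.isBlank()) return DEFAULT_TARGET;
        // Control characters and backslashes are parsed differently by browsers and URI.
        for (char c : originatingUrl.toCharArray()) {
            if (c < 0x20 || c == 0x7f || c == '\\') return DEFAULT_TARGET;
        }
        try {
            URI uri = new URI(originatingUrl);
            // Absolute https only: rejects relative, scheme-relative, http: and javascript:.
            if (!"https".equalsIgnoreCase(uri.getScheme())) return DEFAULT_TARGET;
            // user@host forms make the visible prefix differ from the real host.
            if (uri.getRawUserInfo() != null) return DEFAULT_TARGET;
            String host = uri.getHost();
            // Exact match, not endsWith/contains, so look-alike suffixes do not pass.
            if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
                return DEFAULT_TARGET;
            }
            if (uri.getPort() != -1 && uri.getPort() != 443) return DEFAULT_TARGET;
            return uri.toASCIIString();
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET;
        }
    }

    public static void main(String[] args) {
        String[] constructed = {   // constructed sample inputs
            "https://partnernet.lexmark.com/en_us/support.html",
            "https://partnernet.lexmark.com.other.example/dashboard",
            "https://partnernet.lexmark.com@other.example/",
            "//other.example/dashboard",
        };
        for (String s : constructed) System.out.println(s + " -> " + safeTarget(s));
    }
}
```

Only the first constructed input is returned unchanged; the other three resolve to the dashboard fallback.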
User provisioning
Show lead form, discuss form action, servlet
Post lead
Find lead in SFDC (or use backup)
Discuss immutable ID
Show Get to SCIM service w about ID, discuss
Discuss current AEM provisioning
sync cron job, queries used
mail notification to new users when complete - using MessageGateway
for demo purposes going to use admin forms
Open Admin Forms
discuss implementation -xpath, custom components, form actions, OOTB components, load path, current usage
example of data model
show user not in AEM based on immutable ID search
force sync the user based on ID
discuss user creation process via jackrabbit.api.security.user.* classes
Log in to site w new user
Discuss login sync - asynchronous, currently done for every login
Go back to SFDC and change user's name
re-login and refresh
Show session hook code and discuss at high level
CUG’ed content and ties to salesforce enrollments
Show page on author - https://webauthor.lexmark.com/cf#/content/iss/partnernet-lexmark-com/en_us/support.html - show cug'ed subpages and parsys
show a test user in admin forms / SFDC
log in with test user and show they have basic view
Discuss custom SFDC endpoint
GET on custom endpoint w immutable ID, callout the programs
add BSD program enrollment in SFDC to test users L5 account
Sync in Admin form (or login)
reshow user content of same page
show SalesforceQuery code, discuss other pieces
CUG sync
discuss requirements, implementation
show CUGSync code?
screenshot of map?
Replication
discussion and history
discuss current solution
status, slow, but stable. still some hiccups
mention QA monitoring tools, notification, and force replication process
show code?