/
Enable Digital Signatures in the Connected App (Code)

Enable Digital Signatures in the Connected App (Code)

Owned by Abraham Lloyd
Last updated: Sept 14, 2024
6 min read

This documentation provides a walkthrough demonstrating how to execute our connected app digital signature enablement Apex Script via the Developer Console in your Salesforce org.

Admin access with Apex permissions is required to execute Apex Scripts from the Developer Console. Only users with administrative access should perform this activity. Please verify your access with your Salesforce Admin before executing this script.

APPLIES TO | CUNEIFORM FOR CRM FIELD AND DATA MANAGEMENT

 

Add the Self-Signed Certificate to the Connected App
Enable Digital Signatures via the Connected App

Enable Digital Signatures in the Cuneiform for CRM: Connected App

ONE MINUTE

As the final configuration step – we need to configure our Connected App to use digital signatures. Use this script to automate assigning the self-signed certificate to the Connected App. Once this step is complete, you can verify your configuration via our Control Panel.

About this Apex Script

We’ve created an Anonymous Apex script to simplify the last step in our setup process: enabling digital signatures in the Cuneiform for CRM: Connected App. Cuneiform for CRM uses a Connected App to securely access Salesforce REST APIs. The Connected App allows Salesforce customers to customize how API access is provided based on their security policies and preferences. We apply your self-signed certificate to the Connected App to ensure only authorized users can access it.

The script will:

  • Verify that the Cuneiform for CRM: Self-Signed Certificate exists

  • Verify that the Cuneiform for CRM: Connected App exists

  • Enable digital signatures in the Connected App by associating the self-signed certificate with it

The script will provide output to the user explaining the script outcome.

You can use this script to complete your configuration. Alternatively, you can follow these steps to enable digital signatures in your Connected App via Salesforce Setup.

Execute the Anonymous Apex Script

Please copy this script to your clipboard. You can execute it against your Salesforce org via SFDX, your Salesforce IDE (ex. VSCode), or the Developer Console.

We provide guidance on executing this script via the Developer Console below. Open this expand-element to see the Anonymous Apex script – and copy it to your clipboard.

Open this expand-element to see the Anonymous Apex script – and copy it to your clipboard.

// Initialize local variables HttpRequest req; HttpResponse res; String headerXML; String updateHeaderXML; String closeXML; String sessionHeaderXML; String connectedAppXML; String certificateXML; String retrieveCertificateXML; String retrieveConnectedAppXML; String updateConnectedAppXML; String updateContainerXML; String digitalCertificateXML; String updateResponseXML; String certContent; // Default the ConnectedApp Name String connectedAppName = 'Cuneiform_for_CRM_Connected_App'; // Initialize the visual formatting variables String spacer = ' '; String bdr = '---------------------------------------------------------------------------------------------------------------------------------'; System.debug(bdr); System.debug(spacer + 'Cuneiform for CRM: Field and Data Management: Configuration Apex Script'); System.debug(spacer + '6. Associate Your Self-Signed Certificate to the Connected App.'); // Initialize the xml document containing the read-request details headerXML = '<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tns="http://soap.sforce.com/2006/04/metadata">'; updateHeaderXML = '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tns="http://soap.sforce.com/2006/04/metadata">'; sessionHeaderXML = '<soapenv:Header><tns:SessionHeader><tns:sessionId>{0}</tns:sessionId></tns:SessionHeader></soapenv:Header><soapenv:Body>'; retrieveCertificateXML = '<tns:readMetadata><type>Certificate</type><fullNames>Cuneiform_for_CRM_Self_Signed_Certificate</fullNames></tns:readMetadata>'; retrieveConnectedAppXML = '<tns:readMetadata><type>ConnectedApp</type><fullNames>' + connectedAppName + '</fullNames></tns:readMetadata>'; updateContainerXML = '<updateMetadata xmlns="http://soap.sforce.com/2006/04/metadata"><metadata xsi:type="ConnectedApp">{0}</metadata></updateMetadata>'; closeXML = '</soapenv:Body></soapenv:Envelope>'; // Seed the user's session for authentication sessionHeaderXML = String.format(sessionHeaderXML, new String[] {UserInfo.getSessionId()}); retrieveCertificateXML = headerXML + sessionHeaderXML + retrieveCertificateXML + closeXML; retrieveConnectedAppXML = headerXML + sessionHeaderXML + retrieveConnectedAppXML + closeXML; // Initialize the httpRequest to verify and retrieve the certificate req = new HttpRequest(); req.setEndpoint(Url.getOrgDomainUrl().toExternalForm() + '/services/Soap/m/60.0'); req.setMethod('GET'); req.setHeader('SOAPAction', '""'); req.setHeader('Content-Type', 'text/xml'); req.setHeader('Authorization', 'Bearer ' + UserInfo.getSessionId()); req.setBody(retrieveCertificateXML); // Process the httpRequest res = new Http().send(req); certificateXML = res.getBody(); // Confirm that the certificate already exists if (!certificateXML.contains('<fullName>Cuneiform_for_CRM_Self_Signed_Certificate</fullName>')) { System.debug(bdr); System.debug(spacer + 'We were unable to verify the [Cuneiform for CRM: Self-Signed Certificate] exists.'); System.debug(spacer + 'Please check [Certificate and Key Management] within Salesforce Setup and'); System.debug(spacer + 'Manually verify that the certificate exists.'); System.debug(spacer); System.debug(spacer + 'If you need to create the certificate, please visit '); System.debug(spacer + 'https://peernova.link/cuneiform/fdm/setup/step-000'); System.debug(spacer + 'and execute the Anonymous Apex script to create the certificate.'); System.debug(bdr); } else { // Update the request and validate the ConnectedApp was found req.setBody(retrieveConnectedAppXML); // Execute the request res = new Http().send(req); connectedAppXML = res.getBody(); // Confirm that the connectedApp already exists if (!connectedAppXML.contains('<fullName>' + connectedAppName + '</fullName>')) { System.debug(bdr); System.debug(spacer + 'We were unable to verify the [Cuneiform for CRM: Connected App] exists.'); System.debug(spacer + 'Please check [Connected Apps] within Salesforce Setup'); System.debug(spacer + 'and manually verify that the Connected App exists.'); System.debug(spacer); System.debug(spacer + 'If you need to create the Connected App, please visit '); System.debug(spacer + 'https://peernova.link/cuneiform/fdm/setup/step-006'); System.debug(spacer + 'and execute the Anonymous Apex script to create the Connected App.'); System.debug(bdr); } else { // Retrieve the certificate content and append it to the connectedApp definition certContent = certificateXML.substringBetween('<content>', '</content>'); digitalCertificateXML = '<certificate>' + certContent + '</certificate></oauthConfig>'; connectedAppXML = connectedAppXML.replace('</oauthConfig>', digitalCertificateXML).substringBetween('<result><records xsi:type="ConnectedApp">', '</records>'); // Create the connectedApp update details and set the request updateConnectedAppXML = updateHeaderXML + sessionHeaderXML + updateContainerXML + closeXML; updateConnectedAppXML = String.format(updateConnectedAppXML, new String[] {connectedAppXML}); req.setBody(updateConnectedAppXML); // Execute the request res = new Http().send(req); updateResponseXML = res.getBody(); // Confirm that we were able to update the ConnectedApp if (updateResponseXML.contains('<success>true</success>')) { System.debug(bdr); System.debug(spacer + 'The Cuneiform for CRM: Connected App was successfully updated. Please'); System.debug(spacer + 'examine the Connected App to verify the digital certificate was added.'); System.debug(spacer); System.debug(spacer + 'Nice Work! We have updated the Connected App to include the digital'); System.debug(spacer + 'certificate. You are now ready to validate your configuration.'); System.debug(spacer); System.debug(spacer + 'Please follow our remaining installation instructions via'); System.debug(spacer + 'https://peernova.link/cuneiform/fdm/setup/verify'); System.debug(spacer + 'to verify your configuration via our Control Panel.'); System.debug(bdr); } else { System.debug(bdr); System.debug(spacer + 'We were unable to update the Cuneiform for CRM: Connected App. Please review the error response for details.'); System.debug(spacer + 'Metadata API Error Response:'); System.debug(spacer); System.debug(updateResponseXML.mid(updateResponseXML.indexOf('<errors>'), updateResponseXML.indexOf('</errors>') - (updateResponseXML.indexOf('<errors>') - 9))); System.debug(spacer); System.debug(spacer + 'Please review Metadata API Error Response, and try again. Verify that you have access'); System.debug(spacer + 'and permission to update Metadata via the Metadata API, and that the Cuneiform for CRM'); System.debug(spacer + 'Connected App already exists in your Org.'); System.debug(bdr); } } }

Execute Digital Signatures App Apex Script

Follow these steps to open the Developer Console and execute our script that assigns Cuneiform for CRM: Self-Signed Certificate to the Cuneiform for CRM: Connected App.

  1. Copy the Anonymous Apex Script to your clipboard.

  2. Log into your Salesforce org – and launch the Developer Console.

image-20240611-203112.png
Launch the Developer Console via the Gear Icon used to Open Salesforce Setup.

  1. Launch the Execute Anonymous window from within the Developer Console. The Execute Anonymous Window modal is available on the Debug menu.

image-20240611-203405.png
Open the Execute Anonymous window via the Debug menu in the Developer Console.

  1. Paste the Anonymous Apex script in the Anonymous Apex Window.

  2. Execute the Anonymous Apex Script by clicking on the Execute button.

image-20240910-181053.png
Pase the Anonymous Apex Script into the Apex Code window – and click Execute.

  1. Open the log file generated by the script – and filter on the debug results to view the output. Please select the most recent unread tooling API log entry – as this script will generate two log files (one labeled N/A and the other highlighted below).

Select the blue-highlighted debug.log as highlighted in the screenshot below.

image-20240612-031102.png
Open the generated log file – and enable the Debug filter to view the script output.

  1. View the debug output and verify the Apex script associated your Cuneiform for CRM: Self-Signed Certificate with the Cuneiform for CRM: Connected App.

image-20240910-181713.png
Verify from the script output that digital signatures were enabled on the Connected App.

Congratulations! You’ve completed the script-driven configuration of Cuneiform for CRM. You are now ready to verify your configuration – and start profiling. Please visit the Cuneiform for CRM: Control Panel to verify your configuration.