Lately I’ve been playing around with Azure and integrating Salesforce and Azure. One of the integration patterns calls for using JSON Web Tokens (JWT) that you can then exchange for an access token in Azure. There is a catch however…
Since Azure requires that the thumbprint of the certificate be added to the header of the JWT (using the key “x5t”) we cannot use the built-in support for JWT in Named Credentials as there are no provisions for custom header key/values. The JWT/JWS classes in Apex cannot be used either, as the header cannot be customized there. Building upon https://github.com/salesforceidentity/jwt I’ve created https://github.com/lekkimworld/azurejwt-apex that bridges the gap.
This allows you to build and sign a JWT that you may exchange for an access token using your tenant’s OAuth token endpoint v.2 in Azure. Example Apex code is like this:
```apex
// declarations (because I'm old school)
final String azureClientId = '88d888a5-0cf4-473a-b9a0-7c88e6fc888e';
final String azureTenantId = 'b34feb2b-132f-4322-af1d-c888f5d888d0';
final String azureCertThumbprint = '4rElsDFTysrbKhB0zTsrRNSxT6s=';
final String azureScopes = '5384888d-868f-442b-b1b3-8688807de914/.default';

// create JWT with certificate from keys mgmt and set the x5t in the header to the
// thumbprint of the cert as expected by Azure
AzureJWT jwt = new AzureJWT();
jwt.cert = 'JWT_Callout_Certificate';
jwt.iss = azureClientId;
jwt.sub = azureClientId;
jwt.aud = 'https://login.microsoftonline.com/' + azureTenantId + '/oauth2/v2.0/token';
jwt.x5t = azureCertThumbprint;

// invoke the flow and obtain an access_token
final String access_token = AzureJWTBearerFlow.getAccessToken(azureClientId, azureTenantId, azureScopes, jwt);

// use the access token against a Function App in Azure
HttpRequest req = new HttpRequest();
// placeholder endpoint and assumed method: replace with your own Function App URL
req.setEndpoint('https://<your-function-app>.azurewebsites.net/api/<function>');
req.setMethod('GET');
req.setHeader('Authorization', 'Bearer ' + access_token);
Http http = new Http();
HTTPResponse res = http.send(req);
```
In the https://github.com/lekkimworld/azurejwt-apex GitHub repo you will find the two Apex classes from the above example together with the example code.
The certificate thumbprint (azureCertThumbprint above) isn’t the regular SHA-1 thumbprint but is a special hexdump/base64 encoded edition: the hex fingerprint is turned back into raw bytes and those bytes are base64 encoded. To make it even more interesting, the thumbprint displayed in Azure Portal is not the thumbprint we need. The thumbprint/hash may be computed like this (gleaned from https://stackoverflow.com/a/52625165):

```
echo $(openssl x509 -in yourcert.pem -fingerprint -noout) | sed 's/SHA1 Fingerprint=//g' | sed 's/://g' | xxd -r -ps | base64
```
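The same thumbprint conversion, plus a pre-flight check of a JWT against the header and claims set in the Apex example, as an added Python example (not code from this post or from the azurejwt-apex repo). All function names are hypothetical, the certificate bytes and JWT are constructed samples, and the output is the unpadded base64url form that RFC 7515 defines for x5t, where the openssl pipeline above emits padded base64; the check compares decoded bytes so either form matches.

```python
import base64, hashlib, json, re
def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding RFC 7515 defines for x5t."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    """Decode base64url or plain base64, with or without '=' padding."""
    text = text.replace("+", "-").replace("/", "_").rstrip("=")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def x5t_from_pem(pem: str) -> str:
    """SHA-1 over the DER bytes inside the PEM armour, base64url encoded."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return b64url(hashlib.sha1(base64.b64decode("".join(m.group(1).split()))).digest())

def x5t_from_hex(fingerprint: str) -> str:
    """Convert 'SHA1 Fingerprint=AB:CD:...' or bare hex to the x5t value."""
    raw = bytes.fromhex(re.sub(r"[^0-9A-Fa-f]", "", fingerprint.split("=")[-1]))
    if len(raw) != 20:
        raise ValueError("a SHA-1 thumbprint is exactly 20 bytes")
    return b64url(raw)

def check_assertion(jwt: str, cert_x5t: str, client_id: str, tenant_id: str) -> list:
    """List mismatches between a JWT and the header/claims the post sets."""
    head, body = (json.loads(b64url_decode(p)) for p in jwt.split(".")[:2])
    problems = []
    if "x5t" not in head:
        problems.append("header has no x5t")
    elif b64url_decode(head["x5t"]) != b64url_decode(cert_x5t):
        problems.append("x5t does not match the certificate")
    if body.get("iss") != client_id or body.get("sub") != client_id:
        problems.append("iss and sub must both be the client id")
    aud = "https://login.microsoftonline.com/" + tenant_id + "/oauth2/v2.0/token"
    if body.get("aud") != aud:
        problems.append("aud is not the tenant's v2.0 token endpoint")
    return problems

# Constructed sample: stand-in bytes wrapped as PEM (not a real certificate) and
# an unsigned JWT built with the client and tenant ids from the post.
DER = b"constructed stand-in for DER certificate bytes"
PEM = "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(DER).decode() + "-----END CERTIFICATE-----\n"
CLIENT, TENANT = "88d888a5-0cf4-473a-b9a0-7c88e6fc888e", "b34feb2b-132f-4322-af1d-c888f5d888d0"

def sample_jwt(x5t=None):
    head = {"alg": "RS256", "typ": "JWT", **({"x5t": x5t} if x5t else {})}
    body = {"iss": CLIENT, "sub": CLIENT, "aud": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token"}
    return ".".join(b64url(json.dumps(p).encode()) for p in (head, body)) + ".unsigned"
```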
As you know Lotus Notes is built on Eclipse so following Eclipse plugins and projects makes a lot of sense from a platform point of view. Surfing the other day I stumbled over an Eclipse project that provides a Ribbon IDE for the Eclipse platform. It makes your mind wander to Microsoft-centric software but it might make sense for other applications incl. Lotus Notes.
For more info see “Eclipse plug-in sightseeing: Ribbon IDE / Eclipse”. There’s also a PDF showing it off.
With all the talk we have been having around Lotusphere presentations and the availability of session presentations and video afterwards it’s strangely refreshing to see how Microsoft approach their MIX10 conference which was just held in Las Vegas. If you go to live.visitmix.com/videos you are able to download all presentations and download or stream all sessions as video (WMV for HD and h.264). They even provide a downloader to download all the contents in one go.
How do you like them apples?
You might already know of this but I suggest you listen to the Windows Weekly podcast episode 56 and episode 57 for info on the upcoming Microsoft Mesh. In episode 57 there are comments about Lotus Notes and how Ray Ozzie took the thunder of Notes and brought it to Microsoft.
While cleaning up today I found an interesting piece of information in the Microsoft Action Pack material. It appears that the 30 day grace period of Windows Vista can be extended to 90 days by rearming the installation (you should also disable auto-activation during the installation). This is great for testing purposes.
To rearm Windows start a command prompt with admin. privileges and run

```
cscript %windir%\system32\slmgr.vbs -rearm
```

The script can also be used to activate Windows using the -ipk switch followed by the 25 digit activation code.
Nice video of the Lotus Sametime integration into Microsoft Office incl. Outlook (main focus is on Outlook). It’s nice even if you just need to see what the integration looks like since you’re probably running Notes. Right? 🙂
I know it won’t be available until the end of the year but Microsoft Windows Home Server looks really nice. A server product built especially for the home with built-in support for managing the computers on the home network incl. making backup images etc.
Will probably have to do some coding in C# one of these days so I’d better start reading up. Found an article via Google which looks like a promising no-nonsense way to start: A COMPARISON OF MICROSOFT’S C# PROGRAMMING LANGUAGE TO SUN MICROSYSTEMS’ JAVA PROGRAMMING LANGUAGE by Dare Obasanjo.
Yesterday I was reinventing the wheel and (re)writing XPath 2.0 functions as named XSLT templates since the MSXML 3 in Internet Explorer 6 isn’t XPath 2.0 compliant. As always there is however a Microsoft proprietary solution using the urn:schemas-microsoft-com:xslt namespace. This namespace adds support for a number of utility functions as mentioned in the “Microsoft XPath Extension Functions” article over at Microsoft Developer Network.
You have to be running MSXML 4 for this namespace to work however which means that even the proprietary solution isn’t workable for me since MSXML 3 is the default for Internet Explorer 6.
While researching this subject I found that MSXML 3 (or 4) isn’t the newest version. There is a MSXML 5 (only used with Office 2003) and a MSXML 6 (supplied with Visual Studio 2005). Even the newest MSXML 6 doesn’t however support XPath 2.0. The supported APIs in MSXML 6 are:
- XML 1.0 (DOM & SAX2 APIs)
- XML Schema (XSD) 1.0
- XPath 1.0
- XSLT 1.0
Come on already – please implement the standards!