Saturday, October 17, 2020

Cookies, anyone?

 

Our application started having integration issues early March this year. Did I say that was intermittent? To add to our confusion, we could not replicate it in our testing environments!

The integration point is a 3rd party payment gateway. Our application logs indicated that our code was not getting hit by the payment gateway site.

We had not changed our code since years. I know. I know. That's an excuse we developers tell you if you encounter us with a problem. This was different. No code changes. No changes to settings in the payment gateway either.

What happened? What changed? Why was this occurring?

During the months of April and May, the occurrences reduced. By the time we were ready to write it off as another network issue, it resurfaced in late June. And it spiked during July, increasing its clout in August and September!

While we were rummaging through the logs (and the code) over and over again, a StackOverflow conversation appeared in our inbox - regarding a restriction imposed by Chrome on the SameSite attribute of the cookies. We were sure of neither setting any cookies nor using any ASP.NET Session in our code, BUT, the trend matched the SameSite timeline.

Why was this happening? And why not in testing environments?

During our investigation, we noticed one thing that caught our eye - there were entries in IIS logs for the integration URL (our app), with no userid (empty cs-username). The timestamp of problematic transactions in payment gateway and that of these entries matched. Where is this userid coming from? It turned out to be Siteminder, our Identity Provider.

Through our FRT (Failure Request Tracing) logs we found that SMSESSION cookie (set by Siteminder) was not being passed by the browser when navigating back from the payment gateway for these transactions. Cookie! Found the cookie! And guess what! We were not setting the SameSite attribute for the cookie! Since SMSESSION was not being returned by the browser when navigating from payment gateway, the users where getting kicked off and hence the blank userids in IIS logs (which means Access Denied).

Whew!

So, what the browser (Chrome dear Chrome) does is when you don't set the SameSite attribute to the cookie you create, it adds one for you - with a value of Lax. It is less restrictive than Strict. With one caveat - With Lax, cookies will not be preserved across different domains and if a POST is involved. The lesson learned is that if you are creating a cookie, you must specify the SameSite attribute - with the values None, Lax or Strict. With None, you have to specify secure also for it to work.

You can learn more about SameSite here. This article mentions about how SameSite attribute changes affects SMESSION on a cross-domain setting.

Finally, we deployed the change in the Siteminder agent to set the SameSite attribute to None, and hola! we started seeing more and more transactions coming in from the payment gateway. If it was not for Covid19, there would have been a party at our workplace,

Every thriller has a twist and a cliffhanger.

The twist is that SameSite is not supported by all browsers. We have to keep in mind when we implement the solution. The list of incompatible browsers are listed in the article.

The cliffhanger is that we are not able to reproduce the issue in testing environments till now.

Thursday, August 13, 2020

The Salesforce Certified System Architect Journey

As I noted in my earlier blog post, I started the journey on Salesforce this January (2020!). 

Little did I know how much I would learn, and appreciate the Salesforce landscape. It was a humbling experience indeed.  I had taken other certifications in the past (PMP, CSM, AWS etc), but this was a commitment to myself for a longer term. This was a marathon.

After 8 long months, I was able to get the System Architect certification. The work from home situation helped - it was a blessing in disguise.



System Architect Journey – SFDCFacts

I have chronicled all my experience is various posts as listed below:


Hope these posts helps someone out there. 

How I passed the Salesforce Identity and Access Management Designer Certification

This exam was the one I dreaded most. 

Security - the one aspect we (app team) take for granted. The one which is taken care by someone we dont know. Every organization has a "Security Team" or a "Security guy/gal". The learning for this exam changed my perspective on so many levels regarding security. Now I respect the them even more. 

 I was warned by many (bloggers) about this exam. Even my mentor friend Rajeev Venkitaraman did. "Be careful," he said, "Study hard". After the easy Development Lifecycle exam, this was indeed a mountain to climb. 

As usual after scoping out what I needed to learn, and then scheduling the topics, I started the trailmix. Reading, reading and then lot of reading. :) 

 My initial attempt was to make myself comfortable and confident about the topic. By reading, and watching other related YouTube videos and blogs I was able to grasp the fundamentals. Meanwhile the trailmix had lot of good resources. 

The topics I concentrated on: 
  1. SSO (You should be able to differentiate IdP (Identity Provider) initiated vs SP (Service Provider) Initiated authentication 
  2. OAuth Flows (Identify what flow is best for the given scenario) 
  3. Federated vs Delegated Authentication 
  4. 2FA (Two Factor Authentication)
  5. Identity Connect 
  6. Licenses 
You need to practice all the flows (at least the SSO ones) and also the Security settings. Only if you practice you will be able to "get it". If you have a friend who works in this domain, call that dude up and remind that you are still a good friend :) 

Anyways, this was a lot for me, but do-abble. The last week of my study was a refresher, spending my time on the Ladies Be Architects study videos. They are a blessing indeed. 

 All the best. Send me a note if you want any help preparing. I will be glad to help you out.

Thursday, July 09, 2020

How I passed Salesforce Development Lifecycle and Deployment Designer Certification

To date, this was the easiest exam I have taken so far. I am dedicating all the "easiness" to my 2 decades of software development experience in the enterprise world. 

The preparation was easy and all the contents in trailmix got absorbed into my little brain like a sponge absorbs water. 

The trailmix had topics on "how-to" technical subjects - but the exam had more on governance than technical. 

As with any SF exam prep, I did the following:

1. Go thru the trailmix diligently and religiously
2. Watch videos in Youtube on Governance (there are tons) and Version Control strategies
3. Work on mock tests (Propofs and Quizlets)

The following experiences also helped me in preparing for the exam:


Again, the Ladies Be Architects videos come to help! Big thanks to Gemma and gang! They really rock!

Before closing in, couple of main topics that I hit on the exam:
1. Sandboxes (what and when)
2. Editions (which editions can do what)
3. Source Control strategies
4. Metadata API
5. Changeset Deployment
6. Governance

The following tables helped me understand the sandbox types and various types of changes in the ALM:


Good luck!

How I passed Salesforce Integration Architecture Designer Exam

As they say, "Success motivates action". After passing the Platform Developer 1 exam, I set out to attain the Integration Architecture Designer exam. 

By this time, I had a fair idea on the Salesforce ecosystem, but had many many questions (I still have). My friend Rajeev Venkitaraman came to help again, with his pointer that the Integration Pattern and Practices PDF is the bible for this certification. He was right, as he always is. :)

Before I even start studying the scope out the entire topic. The certification guide in the Salesforce trailhead comes to help here. This exercise gives me an idea on how long it will take me to study. I also went through the trailmix for this exam and authored a schedule. A month and a half - it seemed quite right - with my full time job and the summer approaching.

The next thing I do is set out to read the experiences of other exam takers. It also gives me a fair idea and some motivation. The following blogs gave me a good lead into my preparation:


Thanks a billion!

I set out to go thru the Trailhead. At the same time I also started reading the patterns and pratices pdf. It confused me the first time. But by the 3rd time it all started to make sense. As my friend Rajeev suggested, by the 4th time I got the entire picture and was able to connect the dots. 

Once I completed the Trailmix and reading the patterns document, I started watching videos on various topics. The Ladies Be Architects study group videos really helped me a lot. 

By the time I completed half of my preparation, I had already scheduled my exam on May 21st. 

My work experience helped me understand the topic conceptually, regarding various APIs. I just had to place those into Salesforce domain. I would not say it was easy. I took dedication and time.

I also had prepared charts and post-its (which I stuck on my wall) for easy reference. The one that really helped me get through most of the questions was this one:


The exam went without much trouble. The mock tests that I took from Propofs and various Quizlets helped in shape my foundation.

For those who are going to take the exam, work experience in an Enterprise setup will really help, but if you prepare well, you will be able to make it even without that. All the best!

Wednesday, May 27, 2020

How I passed Salesforce - Platform Developer 1 Cert Exam (SP20)


On the start of the year 2020, I decided to make some changes to my career development. I have been working in Microsoft technologies over two decades (you read it right - 20 years). I decided to delve into Salesforce. I was lured into, in fact. :). I also wanted to enhance my knowledge and be uncomfortable in a good way.

First and foremost, needless to say, I made Trailhead my best friend. I started reading trailhead and going through the Platform Developer1 trailmix. For the first few weeks, I got so confused that I almost decided to give up. Coming from a custom development background, it was very difficult to get the WHY of Salesforce ecosystem. My friend and mentor, Rajeev Venkitaraman, advised me to forget the WHY for now and continue. I did. I am glad I did. :)

After a while, things started making sense. I started studying in mid January. By February mid, I was feeling pretty comfortable. Since I had a rich programming experience, Apex was a no brainer. Triggers, Controllers, LWC, all made sense. Entering March, I scheduled the exam for April 2nd week. Once I completed the trailhead, I signed up for a Udemy course on the exam. It did help me solidify the concepts and boosted my confidence. I started gathering various resources and old questions to get a hang of the certification exam. Focusonforce.com really helped in this case. If you are hard-pressed on budget, you can also go through questions in propofs.com. But, the answers might be all wrong. Use you wits to gauge.

My exam was rescheduled to the first week of  June due to the COVID-19 situation. I could not wait and I rescheduled it back to April 2nd, changing it to OLP (Online Proctored) exam.

The night before I set all things ready - cleaned the desk, took off all the post-its from my wall, arranged my webcam (so that the proctor could see my face, my hands and my keyboard). Believe me, it was not fun - it took me around 30 minutes to adjust the webcam :)

On the day of exam, I took it easy - even though I was tensed a bit. After the test started, the proctor hindered (after 2 or 3 questions) and said he could not see me. I adjusted my camera again, and continued. But he hindered again and said the same. The real issue was not my webcam, but an instance of Skype which was running in the background. Switched it off, and things started sailing smooth.

There was only one question from Governor Limits (which is an important topic though), lot of SOQL and Apex questions. I was glad that I did Focusonforce, which helped me immensely. I reviewed all the answers one more time and finally hit the "SUBMIT" button. 

So, to summarize:
  1. Go through trailhead.
  2. Understand the Salesforce ecosystem (give some time - you will get it)
  3. Do the trailmix
  4. Schedule your exam (this will motivate you to keep going)
  5. Do mock tests - Focusonforce.com (very reliable) or propofs.com (at your own risk)
    One thing to keep in mind - do not feel disheartened if you do not pass or get high scores in mock tests. GETTING HIGH SCORES IN MOCK TESTS SHOULD NOT BE OUR GOAL, CONTRARY TO WHAT MANY PEOPLE ADVISE. Our goal is to learn. Period. If you do not do good in a mock test, take that as an opportunity to learn and go read into those areas you did not do good. I enjoyed the aha moments during my mock test times.
  6. Take the exam - FINISH STRONG!

Must read if this is your first attempt at a SF certification:
How to pass each Salesforce certification: The SFDC99 Method
https://www.sfdc99.com/2017/04/18/pass-salesforce-certification-sfdc99-method/
All the best!

PS: Did I say I passed the exam? I did. :)

Thursday, January 26, 2017

What is NODE.JS doing in my UI stack?

Well, I have been doing client side development for a while. Knockout, jQuery, Bootstrap and alike.

Meanwhile I was learning Angular (the first version) too.

Then life happened, and I got busy in my day-to-day work.

I had heard about NODE.JS becoming popular among the JavaScript enthusiasts, as they could now write their favorite language for server side purposes. That sounded cool, but as I had .NET and C#, I never bothered.

Until now.

I picked up Angular 2 for including in my language cache, and I saw these plethora of client side libraries - Gulp, Bower, TypeScript, Node.js.

Wait a second! Node.js? Why? Isn't that for server side?

What is NODE.JS doing in my UI stack?

I started googling and binging around, and I got no answer that could quench my thirst. Finally, I turned to Jason Meckley. Jason is an Angular guru, who monthly presentations in our User Group got me excited to Angular in the first place.

And here is his reply to my email:

Node is a JavaScript engine. Its original intent was to execute JS on the server. However more client side developer are using node as a means to manage their UI projects. I haven't seen it being used directly for UI work. but it does play into frameworks like angular/emberJS etc. The most common usage of nodeJS for UI development is node package manager (npm). we are using npm on all our angular work. to get the local environment setup and running looks something like this

c:/projects/my-project
npm install
bower install
gulp --env=local run

within my-project is there are 3 files package.json, bower.json & gulpfile.js
package.json is the list of npm modules. 
bower.json is a list of bower modules bower is like npm but the packages are specific to web development.
usually npm will install bower and gulp and the bower will install client libraries.
These files are similar to nuget's package.config in .net projects.

gulpfile.js contains the build tasks. similar to ant, nant, rake, cake, psake, etc... we have tasks like
1. create distribution directory
2. jslint
3. minify js
4. transpile .less to css
5. copy output to distribution directory
6. run tests (karma, protractor, qunit, etc.)
7. run local web server

To sum it up, node common purpose for client side development is package management and executing compile time scripts like gulp.


Cookies, anyone?

  Our application started having integration issues early March this year. Did I say that was intermittent? To add to our confusion, we coul...