Skip to main content

47 posts tagged with "link"

View All Tags

Bug Fixes

This release corrects the behavior of the sanity-check URL for two scenarios:

  • The endpoint must be enabled in the API proxy with the SanityCheckEnabled variable with the value of true.

  • The endpoint now correctly handles the SAP client value.

Read more about the SAP client feature at the feature documentation.

The enosix team has completed testing to ensure compatibility of the latest enosix apps with the Salesforce Summer ‘26 release. Below are the key details of the testing process and outcomes:

Testing Highlights

  • Regression Testing:

    • Tests were executed to validate functionality and compatibility.
  • Products Tested:

  • Mobile App Compatibility:

    • The Surface app was tested in the latest version of the Salesforce Mobile app.

Testing Scope and Outcomes

  1. Sync for Salesforce v1.3.4:

    • Validated real-time data synchronization between Salesforce and SAP.
    • Ensured consistent performance across core use cases, including object synchronization and data accuracy.
  2. Surface v2.8.1:

    • Confirmed compatibility with the Salesforce Sales app.
    • Verified Lightning components function in the Salesforce Mobile app.
  3. SDK v1.7 + Cloud-UI:

    • Verified the ability to configure a material/product and update the price on a quote line item using Cloud-UI in CPQ.

Results

  • Compatibility Confirmed: All tested products are fully compatible with Salesforce Summer ‘26.
  • No Critical Issues Identified: Testing revealed no blockers or critical issues.

The enosix team remains committed to ensuring our solutions deliver seamless integration and superior performance. For any questions or support, please contact our team.

Support portal: https://go.enosix.com/support

[Feature]: Swagger API Testing Security and Usability Improvements

  • This release introduces API testing using a secured API key in Swagger API documentation.

  • Swagger now supports API key authentication. Users can authenticate in Swagger using the API key flow. This aligns interactive documentation with how protected APIs are actually secured.

  • Swagger “Try It Out” can be controlled by configuration. Teams can enable or disable Swagger’s live testing capability per environment. This helps keep production documentation visible while preventing unauthorized test execution.

Detailed documentation can be found here: Swagger UI

Validate Credentials for Delegated Authentication

When a request is made to the /auth-payload endpoint for api proxies or via ?link-function=auth-payload for Proxies, Link validates the provided credentials against the SAP backend before issuing a delegated auth token. If the credentials are invalid or missing, a 401 Unauthorized response is returned.

[Feature]: This release introduces strict query parameter validation in the API Proxy to prevent query parameter injection into downstream SAP requests. The change addresses an issue where encoded characters (e.g., %26 for &) could be used to pass additional parameters.

Allows only below-listed query parameters, and any additional parameters passed on request are dropped

  • sap-client: Exactly 3 digits
  • sap-sessioncmd: Must be cancel
  • sap-language: Exactly 2 characters
  • link-function: Must be auth-payload
  • saml2: Must be disabled
  • tabs: Letters only
  • key: String or the literal $*$
  • expirationSeconds: Positive integer 1..2147483647
  • cid: Alphanumeric less than or equal to 10 characters

Enhancements

  • Override CID on Link API requests. Support has been added to specify a Customizing ID on proxied API requests. Specifying a cid query string parameter will override the x-enosix-cid extension of the Open API Specification for the endpoint.

Bug Fixes

  • Reading CID from Open API Specification. A bug causing API endpoints to ignore the configured x-enosix-cid extension in the Open API Specification.

Enhancements

Ability to pass CID as Query Param.

Added support for passing cid as a query parameter to the SAP backend. The following validation rules have been added for the cid parameter:

  • Alphanumeric characters only (a-z, A-Z, 0-9)
  • Length: 1-10 characters
  • No special characters or spaces allowed

Enhancements

  • Swagger UI Configuration Control
    The API Proxy configuration now supports a SwaggerEnabled property that allows you to control whether the Swagger UI and OpenAPI Specification endpoints are exposed for each API Proxy. Setting SwaggerEnabled: true enables these documentation endpoints, which is useful for development and testing environments. By default, Swagger endpoints are disabled. See the Swagger UI for full details.

The enosix team has completed testing to ensure compatibility of the latest enosix apps with the Salesforce Spring ‘26 release. Below are the key details of the testing process and outcomes:

Testing Highlights

  • Regression Testing:

    • Tests were executed to validate functionality and compatibility.
  • Products Tested:

  • Mobile App Compatibility:

    • The Surface app was tested in the latest version of the Salesforce Mobile app.

Testing Scope and Outcomes

  1. Sync for Salesforce v1.3.4:

    • Validated real-time data synchronization between Salesforce and SAP.
    • Ensured consistent performance across core use cases, including object synchronization and data accuracy.
  2. Surface v2.8.1:

    • Confirmed compatibility with Sales app.
    • Verified Lightning components function in the Salesforce Mobile app.
  3. SDK v1.7 + Cloud-UI:

    • Verified ability to configure a material/product and update price on quote line item using Cloud-UI in CPQ.

Results

  • Compatibility Confirmed: All tested products are fully compatible with Salesforce Spring ‘26.
  • No Critical Issues Identified: Testing revealed no blockers or critical issues.

The enosix team remains committed to ensuring our solutions deliver seamless integration and superior performance. For any questions or support, please contact our team.

Salesforce has announced several certificate-related changes in 2026 that may generate questions from customers. enosix has reviewed these changes and assessed the impact across our product line. No customer-facing disruptions have been observed to date, and our architecture minimizes exposure to these changes. Below is a summary of each change and how it relates to enosix products.


1. Root Certificate Transition to DigiCert Global Root G2 (Effective February 5, 2026)

Salesforce has transitioned to issuing certificates chained from the DigiCert Global Root G2. Any certificate issued by Salesforce after February 5, 2026 will be chained to this new root in most environments. Salesforce recommends that organizations adopt the Mozilla Root Certificate Set to future-proof their trust stores.

Impact on enosix Products

  • Salesforce Apps (Surface, Transact, Commerce, SDK, Sync): enosix integrations with SAP are built on Named Credentials and Callouts, not direct API client connections. Salesforce manages the outbound TLS trust chain for Named Credential callouts, so no customer action is required for these products. Self-signed certificates and CA-signed certificates that you upload to your org are not in scope for this change.

  • enosix Link: The enosix Link appliance has been patched to include the latest root certificate updates, including DigiCert Global Root G2. Customers should review the Link release announcements and ensure they are running the latest version. Customers not using the stable (automatic update) channel should update to the latest release to ensure continued compatibility.

  • enosix Connect: The enosix Connect appliance has been patched to support the latest root certificate updates. Customers should review the Connect release announcements and ensure they are running the latest version. Customers not using the stable (automatic update) channel should update to the latest release to ensure continued compatibility.


2. Deprecation of Dual-use Certificates (Effective June 15, 2026)

Effective June 15, 2026, Chrome will mandate a strict separation between server and client authentication certificates ("dual-use" ban). This impacts customers using mutual TLS (mTLS) with Salesforce, requiring that client certificates are not sourced from the same public roots used for website trust.

Impact on enosix Products

enosix products do not use mTLS for connectivity between Salesforce and SAP. This change has no impact on enosix integrations. Customers who have implemented custom mTLS configurations outside of enosix products should review the Salesforce-supported CAs for Client Auth EKUs and audit their mTLS usage independently.


3. Certificate Lifespan Reductions (Starting March 15, 2026)

To align with industry standards, Salesforce is reducing maximum TLS server certificate lifespans in phases:

DateMaximum Lifespan
March 15, 2026200 days
March 15, 2027100 days
March 15, 202947 days

This means certificates will be renewed more frequently. Some CA vendors have already begun issuing 200-day certificates.

Impact on enosix Products

  • Salesforce Apps (Surface, Transact, Commerce, SDK, Sync): Certificate renewal is managed entirely by Salesforce for Named Credential connections. No customer action is required.

  • enosix Link & Connect: Appliance updates include support for more frequent certificate rotations. Customers should stay current on the latest releases to ensure their appliances handle renewed certificates seamlessly. Customers not using the stable (automatic update) channel should regularly check for and apply the latest updates.


Summary

ChangeEffective Dateenosix ImpactCustomer Action
Root Certificate → DigiCert Global Root G2Feb 5, 2026No disruption observedLink & Connect: update to latest release if not on stable channel
Dual-use Certificate Ban (mTLS)June 15, 2026No impact (enosix does not use mTLS)None for enosix products
Certificate Lifespan → 200 daysMarch 15, 2026No impact for Named Credential integrationsLink & Connect: stay current on releases

Additional Resources

For any questions or support, please contact the enosix team.