Basic authentication has been the way SAP Cloud Integration and SAP SuccessFactors authenticate their communication. However, progressing to more secure authentication mechanisms, both SAP SuccessFactors and SAP Cloud Integration have enhanced their capabilities to support OAuth-based mechanisms.
In this blog, the primary focus is on configuring connectivity between SAP SuccessFactors and SAP Cloud Integration using OAuth. For both scenarios, the steps provided describe in detail the necessary configuration in SAP SuccessFactors and SAP Cloud Integration.
Scenario 1: Connectivity from SAP Cloud Integration to SAP SuccessFactors
SAP Cloud Integration has enhanced the SAP SuccessFactors OData V2 outbound connector with OAuth2 SAML Bearer authentication. With the enhanced SAP SuccessFactors OData V2 outbound connector, it is possible to configure OAuth SAML Bearer authentication in the context of an API user for the SAP SuccessFactors system. With basic authentication being retired for SAP SuccessFactors OData services, OAuth SAML Bearer authentication is the new alternative.
The steps below describe how to create an OAuth SAML Bearer credential for SAP Cloud Integration to SAP SuccessFactors connectivity:
Access "Keystore" through Manage Security -> Keystore under the "Monitoring" section of SAP Cloud Integration.
In the "Keystore" tab, select Create -> Key Pair.
To create the key pair, fill in the necessary fields. "Common Name" should be a valid user in SAP SuccessFactors.
Download the certificate for the key pair to the local system.
Log on to the SAP SuccessFactors instance and go to "Manage OAuth2 Client Applications". Click "Register a new oAuth Client Application".
To register, fill in the fields shown and paste the certificate downloaded to the local system into the "X.509 Certificate" field: copy the contents of the certificate between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
After registration, an API key is generated for the application.
Go back to the "Monitoring" section in SAP Cloud Integration. Choose Manage Security -> Security Material.
Provide the SAP Cloud Integration endpoint URL. This is the endpoint generated by the SAP Cloud Integration iFlow.
Enter the issuer and select “X509 Subject Name” as the subject name ID format.
Enter the subject name similar to the “Common Name” generated in the certificate
Select the “X509 Certificate” from the dropdown
Click “Save”. The configuration can be used in a “Destination” to trigger the endpoint on SAP Cloud Integration.
Both SAP SuccessFactors and SAP Cloud Integration support OAuth-based authentication. In SAP Cloud Integration, OAuth SAML Bearer support with a technical user/API user makes it feasible to move from basic authentication to an OAuth authentication mechanism, whereas in SAP SuccessFactors, SAML authentication is possible using the client credentials.