Hello Team,
I am trying to create an angular/javascript application that consumes Successfactors Odata API in SSO environment. I have setup SSO using Provisioning tool, with Azure Active Directory as Identity Provider. This makes the Successfactors app (url like: https://pmsalesdemo8.successfactors.com/sf/admin?bplte_company=SFCPART000176&_s.crb=...) as SSO enabled.
Situation:
I login to Successfactors App and click on pre configured "Custom navigation links" (which has tokenized urls). This launches my angular application on a new tab. This has to take the currently logged in user context using the url token that was pre-configured(tokens like @USER_ID@).
Problem:
Taking this user context from url is not safe as any one can change it to any other Successfactor user id and get back data of the changed user id.
So is there any other safe way to pass user context to custom navigation urls or custom external modules?
Bluesky
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.