cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SuccessFactors OAuth Authentication (without CPI) - Generating SAML Assertion - using 3rd Party Idp

Go to solution
SinhaSouvik
Participant

on ‎2023 Apr 03 1:34 PM

0 Kudos
4,760

Hello Expert,

I am working for a client where few 3rd party application want to connect our SuccessFactors API directly(without CPI).

To authenticate SF API's using OAuth first step is to get the SAML Assertion. I understood from the our help document that there are couple of approach to generate the SAML Assertion.

1. Using third-party IdP (Recommended)

2. Using offline SAML generator tool. (for this approach we have SAP Note: 3031657)

In our landscape we have Azure Active Directory, I need some help guide to generate SAML Assertion using this type of 3rd party identity provider(Like: Azure AD etc.)

https://help.sap.com/docs/SAP_SUCCESSFACTORS_PLATFORM/d599f15995d348a1b45ba5603e2aba9b/4e27e8f6ae274...

Regards,

Souvik

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

SinhaSouvik
Participant
‎2023 Jun 04 1:07 PM
0 Kudos

Hello All,

Please find the latest SAP KBA, it demonstrate the step by step process to Generate SAP SuccessFactors SAML Assertion using MS Azure as 3rd Party IDP.

SAP SuccessFactors SAML Assertion format demonstration using MS Azure

Regards,

Souvik

Show replies
Show replies
former_member183909
Active Participant
‎2023 Aug 24 8:58 AM
0 Kudos

Hi Souvik,

I have got the SuccessFactors ODATA and SFAPI connection working using the offline SAML Generation method but I wanted to use the recommended SAML assertion via Azure.

I'm also following the SAP KBA 3301583

SAP SuccessFactors SAML Assertion format demonstration using MS Azure

I've got down to the testing. I can generate the JWT Token and generate a SAML assertion from MS Azure but on the third step I am stuck on the Test C Exchange token by the SAML assertion in HXM Suite.

Why do you think I am getting this error ? Unable to verify the signature of the SAML assertion. Please ensure that the assertion has a signature and the key pairs match the client ID

I am also wondering about that SAP KBA and the X509 - I am using the SuccessFactors Manage OAuth2 Client Application page - in the KBA they do not explain what to do with it - are you meant to just generate this or paste in something from Azure or do you even need the X509? If so what do you do with it.

Anyway my failed call with that error is as follows (although I am using POSTMAN do to the calls).

POST https://api68sales.successfactors.com/oauth/token

header Content-Type: application/x-www-form-urlencoded

with a body text of;

company_id=abc*************&client_id=NjZkNjM0MGExMD******************* &grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer &assertion=PEFzc2VydGlvbiBJRD0iXzE0***********************

This is the company_id & client_id from the SAP SuccessFactors Admin Centre page "Manage OAuth2 Client Application"

  • company_id: The company ID as seen in that SAP SuccessFactors page
  • client_id: The API key as seen in that SAP SuccessFactors page.
  • grant_type: Set to "urn:ietf:params:oauth:grant-type:saml2-bearer".
  • assertion: Enter the Base64-encoded assertion obtained from Generating a SAML Assertion - see Step B in that KBA
tristan_zwingelstein
Member
‎2023 Sep 29 2:02 PM
0 Kudos

Do you have same instructions for other identity providers ?

Thank you

Answers (2)

Answers (2)

rajkumar_thakur
Discoverer
‎2023 May 11 8:04 AM
0 Kudos

Hi Souvik,

Any solution found on this query, if yes, please share some insight here.

Thanks,

Raj Kumar

Show replies
Show replies
SinhaSouvik
Participant
‎2023 May 12 7:16 AM
0 Kudos

Hello Rajkumar,

Check the answer from PDC. If this helps you.

https://groups.community.sap.com/t5/api-integration/successfactors-oauth-authentication-generating-s...

Regards,

Souvik

rajkumar_thakur
Discoverer
‎2023 May 12 7:26 AM
0 Kudos

Hi Souvik ,

Thanks for your quick turnaround. Unfortunately it looks like I don't have permission to view the details shared in link.

It will be helpful if you can share details on my mail or if you can share some different link.

Thanks,

Raj Kumar

nlgro023
Active Contributor
‎2023 Apr 03 6:42 PM
0 Kudos

Did you try the steps of this blog (it's a bit more in depth than the manual is)?
How to use Postman to call SuccessFactors API using OAuth authentication method and SAP Offline SAML...

Show replies
Show replies
SinhaSouvik
Participant
‎2023 Apr 04 1:16 PM
0 Kudos

Hello jasper.de.groot ,

This is an alternate approach as per SAP, same has been mentioned in the Option 2 in my question. I am looking for solution of recommended approach option 1.

Regards,

Souvik

Ask a Question