Hello,

We want to try Principal Propagation to SuccessFactors in Integration Suites so we can perform SuccessFactors approval (SF API approveWfRequest and rejectWfRequest) from external system (mobile apps)—that needs to be executed using the actual approver’s user ID.

We have followed the steps to configured the Principal Propagation in this blog: Principal Propagation in SAP Integration Suite from external system to SuccessFactors, however we still got error :

ErrorCode :200 ErrorMessage :Retrieval of OAuthToken failed due to: Cannot determine user to propagate for OAuth2SAMLBearerAssertion destination. Either provide user_token JWT token (https://docs.cloudfoundry.org/api/uaa/version/4.7.1/index.html#user-token-grant) when retrieving the destination or configure it with SystemUser..)

Following are our configurations in BTP, SF, and Integration Suites.

Role Collection in BTP with 2 users that have account in SF:

OAuth configuration in SF using Certificate downloaded from BTP Destination:

Security Material created in Integration Suites using Client Key from ZOAUTH_IS_2 API Key.

And lastly, this is our integration flow and how we call it using Postman (with user configured in role collection SF_Propagation):

Is there anything wrong with our configuration? Or there is missing configuration that we need to execute?

Thank you.