
policy to authenticate with OAuth to SuccessFactors from SAP API Management

former_member440061

Dear All,

I have a requirement to connect to the SuccessFactors API using OAuth credentials via an API proxy created in SAP API Management. I received the User_id, client_id, company_id, token_url and private_key and I saved them in a Key Value Map. I am then reading them in a KeyValueMap operation policy, after which I use a Service CallOut policy with the following code to get the SAML response:


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Policy to get SAML Assertion -->
<ServiceCallout async="false" continueOnError="false" enabled="true" xmlns="http://www.sap.com/apimgmt">
    <Request clearPayload="true">
        <Set>
            <!-- Form fields are filled from the Key Value Map variables; '&' is written as '&amp;' so the policy is well-formed XML -->
            <Payload contentType="application/x-www-form-urlencoded">client_id={private.sapapim.sf.client_id}&amp;user_id={private.sapapim.sf.user_id}&amp;token_url={private.sapapim.sf.token_url}&amp;private_key={private.sapapim.sf.private_key}</Payload>
            <Verb>POST</Verb>
        </Set>
        <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    </Request>
    <!-- The SAML assertion returned by the call is stored in this variable -->
    <Response>sapapim.samlresponse</Response>
    <Timeout>30000</Timeout>
    <HTTPTargetConnection>
        <URL>https://SFHostName/oauth/idp</URL>
    </HTTPTargetConnection>
</ServiceCallout>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Policy to get token -->
<ServiceCallout async="false" continueOnError="false" enabled="true" xmlns="http://www.sap.com/apimgmt">
    <Request clearPayload="true">
        <Set>
            <!-- The assertion from the first callout is exchanged for a token using the SAML 2.0 bearer grant -->
            <Payload contentType="application/x-www-form-urlencoded">client_id={private.sapapim.sf.client_id}&amp;user_id={private.sapapim.sf.user_id}&amp;company_id={private.sapapim.sf.company_id}&amp;assertion={sapapim.samlresponse.content}&amp;grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer</Payload>
            <Verb>POST</Verb>
        </Set>
        <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    </Request>
    <Response>sapapim.tokenresponse</Response>
    <Timeout>30000</Timeout>
    <HTTPTargetConnection>
        <URL>https://SFHostname/oauth/token</URL>
    </HTTPTargetConnection>
</ServiceCallout>

This is working fine and I am able to connect to the SF system. I tested this using POSTMAN and made calls using the API Proxy URL.

But I later found out that the oauth/idp API has been deprecated. Therefore, I cannot use this anymore.

Now I am looking for an alternative which I can use in the policy to get SAML assertions and use them further in the policy to authenticate to SF using OAuth. Can anyone provide any hint on how to achieve this?

I have gone through online blogs which suggest using a third party IDP or an offline SAML generation tool.

It will be really helpful if someone can provide a policy template to achieve this. Thank you!

Accepted Solutions (0)

Answers (0)
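
An added example, not part of the original post and not SAP's code: the token request body from the second policy above, built with every value percent-encoded so that a base64 assertion containing `+`, `/` or `=` survives form decoding on the receiving side. The field names and grant type come from the post; the function names and all sample values are constructed, and whether the gateway encodes substituted variables itself is not stated on the page.

```javascript
// Added example: form-encode the SAML bearer token request from the second policy.
// Field names and grant type are taken from the post; every value is constructed.
const GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer";

// Build an application/x-www-form-urlencoded body with each value percent-encoded.
function buildTokenRequestBody({ clientId, userId, companyId, assertion }) {
  const fields = {
    client_id: clientId,
    user_id: userId,
    company_id: companyId,
    assertion: assertion,
    grant_type: GRANT_TYPE,
  };
  for (const [name, value] of Object.entries(fields)) {
    // Fail closed on an unresolved or empty value instead of sending a partial request.
    if (typeof value !== "string" || value.length === 0) {
      throw new Error("missing value for " + name);
    }
  }
  return Object.entries(fields)
    .map(([k, v]) => encodeURIComponent(k) + "=" + encodeURIComponent(v))
    .join("&");
}

// Concatenation of raw values, shown only for comparison with the encoded form.
function buildNaiveBody({ clientId, userId, companyId, assertion }) {
  return "client_id=" + clientId + "&user_id=" + userId +
    "&company_id=" + companyId + "&assertion=" + assertion +
    "&grant_type=" + GRANT_TYPE;
}

// What a receiver obtains after standard form decoding of the body.
function decodeForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Constructed sample: base64-like text containing '+', '/' and '=' padding.
const sample = {
  clientId: "EXAMPLE_CLIENT_ID",
  userId: "example.user",
  companyId: "EXAMPLECO",
  assertion: "PHNhbWw+Zm9v/2Jhcg+x==",
};
```

Decoding the encoded body returns the assertion unchanged, while decoding the concatenated body turns each `+` into a space, which corrupts the base64 text before it can be validated.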