
SuccessFactors API Authentication mechanism from SAP CPI

SinhaSouvik
Participant
0 Kudos
3,541

Hi,

As we all know, we have two authentication types available for the SuccessFactors adapter in SAP CPI. One is Basic and the other is OAuth2 SAML Bearer Assertion.

We generally use Basic authentication to connect to the SuccessFactors API via CPI and do query and upsert.

  • Which authentication method is the best practice to use while fetching and upserting data via the API?
  • To set up OAuth authentication, what steps do we need to follow for the connectivity setup? How complex is it? And is it a future-proof approach for SuccessFactors API authentication?

Regards,

Souvik

Accepted Solutions (0)

Answers (2)


chrisnguyen
Explorer
0 Kudos

I have a project where the client is on NS2, SAP National Security Services. We are currently seeing an error that will no longer allow Basic Authentication:

[LGN0030]HTTP Basic Authentication (Basic Auth) is no longer supported in OData. Please choose OAuth 2.0 to authenticate users.

I have developed a brute force proof of concept where we use multiple steps to get the access token via https://{{domain}}/oauth/idp and https://{{domain}}/oauth/token. However, even with the access token saved as a property and passed in the header as the "Bearer" Authorization key, there are several challenges with this approach.

The private key is very long and cannot be stored as a Secure Parameter since there's a validation on the number of characters that can be stored in the Secure Parameter. I actually created an "OAuth2 Client Credentials" security object and use Groovy to pull this back using the import com.sap.it.api.ITApiFactory. While I can enter a really long private key into the Client Secret on the Credential, when I retrieve the value back, it is limited to the first 256 characters. In order to work around this limitation, the remaining portion of the private key is stored as a non-secured external parameter.

If this is any indication on the regular commercial side, Basic Auth could be going away as planned based on the H2 2020 release notes. I think for now, you can use Basic Auth, but should plan for it to go away. We are currently trying to figure out a path forward as it looks like the SuccessFactors connection from CPI does not fully support OAuth 2 yet, or I have not landed on the right documentation yet. We have opened a ticket with SAP. If SAP does not address the documentation gap or address issues with the connection itself, I suspect there could be a huge backlash and SAP may need to postpone the sunsetting of Basic Auth (similar to how it has handled the SFAPI CompoundEmployee deprecation).
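
The two-step token exchange described in the answer above (/oauth/idp, then /oauth/token), as an added example that is not part of the original post and not SAP's code. It only builds the requests and does not send them. The form field names are assumptions taken from SAP's API documentation rather than from this thread, and the host, client, company and user values are constructed. Note that step 1 carries the private key in the request body, which is why the helper refuses anything but https.

```python
# Added example: builds (does not send) the two requests of the
# SuccessFactors OAuth2 SAML bearer flow. Form field names are assumed
# from SAP's API documentation; all values used here are constructed.
import json
import urllib.parse
import urllib.request

SAML_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"


def _form_post(url, fields):
    # Refuse cleartext: step 1 carries the private key in the body.
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError("token endpoints must be https")
    body = urllib.parse.urlencode(fields).encode("ascii")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def assertion_request(base, client_id, user_id, private_key):
    # Step 1: /oauth/idp returns a signed SAML assertion for user_id.
    return _form_post(base + "/oauth/idp", {
        "client_id": client_id, "user_id": user_id,
        "token_url": base + "/oauth/token", "private_key": private_key})


def token_request(base, company_id, client_id, assertion):
    # Step 2: exchange the assertion for a bearer access token.
    return _form_post(base + "/oauth/token", {
        "company_id": company_id, "client_id": client_id,
        "grant_type": SAML_BEARER, "assertion": assertion})


def bearer_header(token_response_body):
    # Fail closed if the token response carries no access_token.
    token = json.loads(token_response_body).get("access_token")
    if not token:
        raise ValueError("no access_token in response")
    return {"Authorization": "Bearer " + token}


if __name__ == "__main__":
    base = "https://api.example.invalid"  # constructed host
    req = token_request(base, "COMPANY1", "CLIENT1", "QVNTRVJUSU9O")
    print(req.get_method(), req.full_url, req.data.decode())
    print(bearer_header('{"access_token": "abc", "token_type": "Bearer"}'))
```
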

SinhaSouvik
Participant
0 Kudos

Thanks chrisnguyen for sharing the details, and I agree with your points.

Please share the SAP response for your query so that it can help us as well.

Regards,

Souvik

Sriprasadsbhat
Active Contributor
0 Kudos

Hello Souvik,

We generally use basic authentication for SFSF scenarios. The blog below might give more details on the usage of OAuth with the SuccessFactors adapter in SAP CPI.

https://blogs.sap.com/2018/07/30/sap-cloud-platform-integration-principal-propagation-with-successfa...

Regards,

Sriprasad Shivaram Bhat

SinhaSouvik
Participant
0 Kudos

Thanks Sri for sharing the blog.

As far as I understood from the blog, it will only work based on principal propagation. Let's say we need to extract some data from SuccessFactors and send it to a 3rd party system based on the Timer event. It will not work, right?

Please share your thoughts.

Regards,

Souvik

SandeshK
Participant
0 Kudos

I have come across a very recent blog about the sunset of basic authentication on SuccessFactors APIs. So I guess OAuth is the way to go considering this new evolution.