on 2020 Oct 05 3:41 PM
Hi,
As we all know we have two authentication type available for Successfactor Adapter from SAP CPI. One is Basic and another one is Oauth2 SAML Bearer Assertion.
We generally use Basic authentication for connection Successfactor API via CPI and do query and upsert.
Regards,
Souvik
Request clarification before answering.
I have a project where the client is on NS2, SAP National Security Services. We are currently seeing an error that will no longer allow Basic Authentication:
[LGN0030]HTTP Basic Authentication (Basic Auth) is no longer supported in OData. Please choose OAuth 2.0 to authenticate users.
I have developed a brute force proof of concept where we use multiple steps to get the access token via https://{{domain}}/oauth/idp and https://{{domain}}/oauth/token. However, even with the access token saved as a property and passed in the header the "Bearer" Authorization key, there are several challenges with this approach.
The private key is very long and cannot be stored as a Secure Parameter since there's a validation on the number of characters that can be stored in the Secure Parameter. I actually created an "OAuth2 Client Credentials" security object and use Groovy to pull this back using the import com.sap.it.api.ITApiFactory; While I can enter a really long private key into the Client Secret on the Credential, when I retrieve the value back, it is limited to the first 256 characters. In order to work around this limitation, the remaining portion of the private key is stored as a non-secured external parameter.
If this is any indication on the regular commercial side, Basic Auth could be going away as planned based on the H2 2020 release notes. I think for now, you can use Basic Auth, but should plan for it to go away. We are currently trying to figure out a path forward as it looks like the SuccessFactors connection from CPI does not support fully OAuth 2 yet or I have not landed on the right documentation yet. We have opened a ticket with SAP. If SAP does not address the documentation gap or address issues with the connection itself, I suspect there could be a huge backlash and SAP may need to postpone the sunsetting of Basic Auth (similar to how it has handled the SFAPI CompoundEmployee deprecation).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Souvik,
We generally use basic authentication for SFSF scenarios.Below might give more details on usage of OAuth with SuccessFactors adapter in SAP CPI.
Regards,
Sriprasad Shivaram Bhat
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Sri for sharing the blog.
As far as I understood from the blog that, it will only work based on the principal propagation. Lets say we need to extract some data from successfactor and send it to 3rd party system based on the Timer event. It will not work right?
Please share your thought.
Regards,
Souvik
User | Count |
---|---|
55 | |
10 | |
9 | |
8 | |
6 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.