Introduction:
Recently SuccessFactors released Note #2970369 stating that it is going to sunset Basic Authentication (starting from 2022) for API usage. This blog shows how we can connect using the existing OAuth2 authentication method to fetch data from SuccessFactors using SAP Integration Suite.
Disclaimer:
This blog just explains technically how OAuth-based authentication can be achieved in SAP CPI for SuccessFactors-based integrations.
Please note that SAP Cloud Integration has updated the existing adapter to handle OAuth internally; this blog is only meant to explain an alternative technical approach.
For the easier, SAP-proposed way of handling OAuth with the SFSF adapter in SAP Cloud Integration, please refer to the blog post.
What's the issue with the existing SuccessFactors OData adapter of SAP CPI:
The SuccessFactors OData V2 adapter supports OAuth SAML-based authentication, but that does not suffice to achieve the end-to-end authentication process needed to get data from SuccessFactors OData V2 using SAP CPI (refer to limitation KBA-2986720).
We will create a small demo to see how we can leverage the HTTP and OData adapters to achieve the same.
Current Process to get the data from SuccessFactors Employee Central using OAuth (using Postman).
SuccessFactors Settings:
Navigate to Admin Center -> Manage OAuth2 Client Applications -> Register.
Fill in the mandatory details as shown below.
Click on Generate X.509 certificate, fill out the details as shown below, and then click "Generate".
Once you click Generate, the screen automatically goes back to the previous one, giving the option to download the private keys and certificates.
Download the .pem file. It contains the private key and the certificate (they can be viewed in Notepad++). Take a copy of the private key to be used further in our integrations.
Save the configuration to capture the API key associated with your OAuth application for further usage in your integration.
SAP Integration Service Settings:
Log in to your SAP CPI tenant and create a new iFlow with the design below.
If you are new to SAP CPI, follow the tutorial below to get familiarized with it.
Developer Tutorial - SAP CPI
Block 1:
This is the main Integration Process; configure it as below.
Step a:
Add a Content Modifier and add all your parameters (for example, if you want to control logging). It is optional in the above design.
Step b:
Add a Process Call to call the Local Integration Process GetSAMLAssertion (covered in Block 2).
Step c:
Add a Process Call to call the Local Integration Process GetAuthToken (covered in Block 3).
Step d:
Add a Process Call to call the Local Integration Process GetUserData (covered in Block 4).
Block 2:
Local Integration Process which is used to get the SAML assertion from SuccessFactors.
Step a:
Add a Content Modifier with the details below in the Body section. Refer to the OAuth application above for all the details.
client_id=<client_id>&user_id=<technicaluser>&token_url=https://apisalesdemo4.successfactors.com/oauth/token&private_key=<private_key>
Step b:
Add a Request-Reply with an HTTP receiver adapter with the configuration below (the API server depends on your SF instance).
Step c:
Add a Script to log the assertion (just for your reference).
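    import com.sap.gateway.ip.core.customdev.util.Message;

    def Message processData(Message message) {
        // The response body of the previous HTTP call is the SAML assertion
        def body = message.getBody(java.lang.String) as String;
        // Attach it to the message processing log (for reference while testing;
        // the assertion is the credential exchanged for a token in Block 3)
        def messageLog = messageLogFactory.getMessageLog(message);
        if (messageLog != null) {
            messageLog.addAttachmentAsString("SAML_Assertion:", body, "text/xml");
        }
        return message;
    }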
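As an added example (not part of the original blog), the script below is a variant of the Step c logging script that records what the assertion says rather than the assertion itself, since the assertion is the credential exchanged for a token in Block 3. It assumes the HTTP response body is the Base64-encoded assertion (raw XML is also accepted); summarizeAssertion and the attachment name are hypothetical.

```groovy
import com.sap.gateway.ip.core.customdev.util.Message
import groovy.util.XmlSlurper   // groovy.util is the package used by the Groovy 2.x runtime
import java.security.MessageDigest

// Hypothetical helper: describe an assertion without reproducing it.
String summarizeAssertion(String body) {
    String trimmed = body?.trim()
    if (!trimmed) {
        return "assertion: <empty response>"
    }
    // Assumption: the body is Base64-encoded XML; raw XML is accepted as well.
    String xml = trimmed.startsWith("<") ? trimmed : new String(trimmed.decodeBase64(), "UTF-8")
    def parser = new XmlSlurper(false, true)
    // Refuse DOCTYPE declarations so an unexpected response cannot trigger XXE.
    parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)
    def saml = parser.parseText(xml)
    // A digest lets two log entries be correlated without storing the credential.
    byte[] hash = MessageDigest.getInstance("SHA-256").digest(trimmed.getBytes("UTF-8"))
    return [
        "issuer=${saml.Issuer.text()}",
        "subject=${saml.Subject.NameID.text()}",
        "audience=${saml.Conditions.AudienceRestriction.Audience.text()}",
        "notBefore=${saml.Conditions.@NotBefore}",
        "notOnOrAfter=${saml.Conditions.@NotOnOrAfter}",
        "sha256=${hash.encodeHex().toString()}"
    ].join("\n")
}

def Message processData(Message message) {
    def body = message.getBody(String) as String
    def messageLog = messageLogFactory.getMessageLog(message)
    if (messageLog != null) {
        String summary
        try {
            summary = summarizeAssertion(body)
        } catch (Exception e) {
            // Never fall back to logging the raw body: it may still be a usable credential.
            summary = "assertion could not be parsed: ${e.class.simpleName}"
        }
        messageLog.addAttachmentAsString("SAML_Assertion_Summary", summary, "text/plain")
    }
    return message
}
```

The same consideration applies to the optional payload log in Block 3, where the message body is the token response.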
Block 3:
Local Integration Process for getting the Bearer Token from SuccessFactors.
Step a:
Add a Content Modifier with the details below.
The Message Header should have a constant with the value below.
Name | Value
Content-Type | application/x-www-form-urlencoded
The Body section of your Content Modifier should have the values below (replaced with your SuccessFactors details such as company ID and client ID).
company_id=<COMPANY_ID>&client_id=<CLIENT_ID>&grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=${in.body}
Step b:
Add an HTTP receiver adapter to get the Bearer Token from SuccessFactors.
Step c:
Add a Script step to parse the bearer token and set it as a header for the subsequent call.
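    import com.sap.gateway.ip.core.customdev.util.Message;
    import groovy.json.JsonSlurper;

    def Message processData(Message message) {
        // Parse the JSON response returned by the token call
        def body = message.getBody(String.class);
        def response = new JsonSlurper().parseText(body);

        // Stop here if no token came back, rather than sending "Bearer null"
        if (!response?.access_token) {
            throw new IllegalStateException("Token response does not contain an access_token");
        }

        // Set the Authorization header for the subsequent OData call
        def token = "Bearer " + response.access_token.toString();
        message.setHeader("Authorization", token);
        return message;
    }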
Step d:
Optional Script step to log your payload.
Block 4:
Local Integration Process call to get User data from SuccessFactors.
Step a:
Add a Request-Reply step to make the OData call to get User data from SuccessFactors with the configuration below.
Step b:
Log your payload to see the user details from SuccessFactors.
Deploy your iFlow to see the end-to-end result.
Hope this helps to understand step by step details to achieve the connectivity.
Regards,
Sriprasad Shivaram Bhat