
OAUTH Token generation exception

Former Member
0 Kudos

Hi,

I'm trying to extend SAP SF JAM application with additional functionalities. To do so, I have created an application in Eclipse and deployed the application in HANA Cloud Platform. To connect with the SAP JAM demo instance I have made the OAuth and SAML IDP configurations both in HCP and in the JAM instance, but I'm getting the error while executing. I have attached the screenshot for your quick reference.

But when I tried extending the same application with the developer JAM instance, it's working fine. Can you please help me in resolving this issue? It's blocking many of our objects and it has become a showstopper.

Accepted Solutions (1)

robert_horne
Advisor
0 Kudos

Adam is right. It appears you are authenticating the wrong user. If you want this to work with your demo instance there are a few things you need to do.

From what I understand you were able to get this working with your developer edition of SAP Jam but you can't get it working with your demo SuccessFactors and Jam system.

If this is correct then you need to do the following.

1. You need to configure your BizX system to be the default IDP for your HCP system. What this means is that your Java application needs to be authenticated via BizX. This ensures that the SAML assertion you generate comes from BizX.

2. Once you have BizX set up as the authentication for the Java app, you need to set up the destination. The type of destination you need to set up is an OAuth2SAMLBearerAssertion.

3. What this does is send the assertion from BizX for the authenticated user from the Java app to Jam. This assertion would be an assertion for someone like Carla Grant "cgrant" which is an example of one of the demo users.

4. We can tell it won't work because, from the error message that we are seeing, you are sending an assertion for your PUser account, which is an account in SAP ID. This account is not in your Jam system, so Jam will never accept the assertion for a user who is not in the Jam system.

I hope this helps.

robert_horne
Advisor
0 Kudos

After talking to you on the phone, it appears that you have BizX set up as the IDP for HCP properly now and you were still having trouble.

We noticed one more thing you were missing.

http://help.sap.com/download/documentation/sapjam/developer/index.html#odata/concepts/Auth-SAMLForma...

We need to set the NameQualifier to "www.successfactors.com".

This is only needed when connecting to a Jam connected to BizX like in your sales demo system.

You can set this in the Destination parameters in HCP.

Another thing you can do, as mentioned in the documentation link above, is set the NameID Format to E-mail, also documented in the attached link.
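An added example, not part of the original replies and not SAP's code: a small Python check that inspects the Subject NameID of a SAML assertion for the mismatches discussed above (user missing from the target Jam system, NameQualifier not set). The sample assertions, the `jam_users` set and the placeholder account `P0000000000` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
BIZX_QUALIFIER = "www.successfactors.com"  # value given in the thread


def sample_assertion(user, qualifier=None, fmt=None):
    """Constructed, unsigned assertion fragment; real ones are signed by the IdP."""
    root = ET.Element("{%s}Assertion" % NS["saml"])
    subject = ET.SubElement(root, "{%s}Subject" % NS["saml"])
    name_id = ET.SubElement(subject, "{%s}NameID" % NS["saml"])
    name_id.text = user
    if qualifier:
        name_id.set("NameQualifier", qualifier)
    if fmt:
        name_id.set("Format", fmt)
    return ET.tostring(root, encoding="unicode")


def check_subject(assertion_xml, jam_users, bizx_connected=True):
    """Return mismatches against the requirements described in the thread."""
    name_id = ET.fromstring(assertion_xml).find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        return ["assertion has no Subject/NameID"]
    user = name_id.text.strip()
    findings = []
    # The asserted user must exist in the Jam system that receives the assertion.
    if user not in jam_users:
        findings.append(f"subject {user!r} is not a user in the target Jam system")
    # Only required when Jam is connected to BizX, as in the demo system.
    if bizx_connected and name_id.get("NameQualifier") != BIZX_QUALIFIER:
        findings.append(
            f"NameQualifier is {name_id.get('NameQualifier')!r}, expected {BIZX_QUALIFIER!r}"
        )
    # Consistency check added here (assumption): e-mail format needs an e-mail value.
    if name_id.get("Format") == EMAIL_FORMAT and "@" not in user:
        findings.append("Format is emailAddress but the NameID is not an e-mail address")
    return findings


if __name__ == "__main__":
    jam_users = {"cgrant"}  # constructed: users provisioned in the demo system
    # Constructed placeholder for an SAP ID account that Jam does not know.
    print(check_subject(sample_assertion("P0000000000"), jam_users))
    print(check_subject(sample_assertion("cgrant", BIZX_QUALIFIER), jam_users))
```
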

Former Member
0 Kudos

Thank you Robert and Adam for your help, support and your valuable time in resolving this issue.

We really appreciate your efforts.

After doing all these above said changes, the application is working fine now.

Thanks a million...!!!

0 Kudos

Hi Soumya

Would you want to write a blog on your experiences and the setup you had to do?  It might be a nice reference for others, if you have time to do this.

Regards

Ginger

Former Member
0 Kudos

Thanks Ginger for considering us to write a blog.

Sure, me and Farhasadab Kazi would like to write a blog to share our experience in developing a JAM extension using HCP. Since we are a bit busy with presentations, in a couple of days we will write a blog on the same.

Thanks & Regards,

Soumya & Farha

Answers (1)

Adam_Stone
Active Contributor
0 Kudos

The account that it is trying to log on as is your S User ID. For the developer edition, this works as this is your actual account for that system. I suspect that this is not the User ID that is being used for your other Jam instance. You need to make sure it is set up such that the correct user information is being passed through.

Former Member
0 Kudos

The user ID here "S0015205459" is the username of my HCP account. Do I need to register this user ID anywhere in my JAM demo instance?

Adam_Stone
Active Contributor
0 Kudos

I don't believe it's possible to have your S-User set up in your demo instance, as the demo instance does not use the same Identity Provider. You would need to update your application to utilize the user that does exist in your demo system.

Former Member
0 Kudos

I have made the identity provider link between the HCP account and the JAM demo instance, i.e., I have made the OAuth client configuration and also the SAML IDP in JAM with the HCP account details, and I have also given the signing certificate of the HCP local identity provider in my JAM demo instance. I have followed the instructions as per the course "Extending SAP Products with HANA cloud platform" in "OPENSAP". Still I'm getting the same error.

Should I register my HCP user account in SuccessFactors provisioning?

Adam_Stone
Active Contributor
0 Kudos

Yes, your HCP user account must be provisioned in your SuccessFactors system, otherwise this account will not exist in your Jam instance and you will not be able to use it.

Former Member
0 Kudos

OK, thank you, but I tried the same with the other HCP account, which is already provisioned in my SuccessFactors instance, and even then I was getting the same error.