
OAUTH Token generation exception

Former Member
0 Kudos

Hi,

   I'm trying to extend the SAP SF JAM application with additional functionalities. To do so, I have created an application in Eclipse and deployed the application in HANA Cloud Platform. To connect with the SAP JAM demo instance, I have made the OAuth and SAML IDP configurations in both HCP and the JAM instance, but I'm getting an error while executing. I have attached the screenshot for your quick reference.

   But when I tried extending the same application with the developer JAM instance, it's working fine. Can you please help me in resolving this issue? It's blocking many of our objects and it has become a showstopper.

robert_horne
Advisor
0 Kudos

Adam is right. It appears you are authenticating the wrong user. If you want this to work with your demo instance there are a few things you need to do.

From what I understand you were able to get this working with your developer edition of SAP Jam but you can't get it working with your demo SuccessFactors and Jam system.

If this is correct then you need to do the following.

1. You need to configure your BizX system to be the default IDP for your HCP system. What this means is that your Java application needs to be authenticated via BizX. This ensures that the SAML assertion you generate comes from BizX.

2. Once you have BizX set up as the authentication for the Java app, you need to set up the Destination. The type of destination you need to set up is an OAuth2SAMLBearerAssertion.

3. What this does is send the assertion from BizX for the authenticated user from the Java app to Jam. This assertion would be an assertion for someone like Carla Grant "cgrant" which is an example of one of the demo users.

4. We can tell it won't work because, from the error message that we are seeing, you are sending an assertion for your PUser account, which is an account in SAP ID. This account is not in your Jam system, so Jam will never accept the assertion for a user who is not in the Jam system.

I hope this helps.

robert_horne
Advisor
0 Kudos

After talking to you on the phone, it appears that you have BizX set up as the IDP for HCP properly now and you were still having trouble.

We noticed one more thing you were missing.

http://help.sap.com/download/documentation/sapjam/developer/index.html#odata/concepts/Auth-SAMLForma...

We need to set the NameQualifier to "www.successfactors.com".

This is only needed when connecting to a Jam connected to BizX like in your sales demo system.

You can set this in the Destination parameters in HCP.

Another thing you can do, as mentioned in the documentation link above, is set the NameID Format to E-mail, also documented in the attached link.
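
The checks described in the two replies above, as an added example that is not part of the original thread or SAP's own code: it inspects a captured SAML 2.0 assertion's Issuer and Subject NameID before the assertion is exchanged for an OAuth token. The issuer names, the P-user ID and the helper names are constructed placeholders; "cgrant" and the NameQualifier value come from the thread.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
JAM_NAME_QUALIFIER = "www.successfactors.com"  # value given in the thread


def make_assertion(issuer, user, qualifier=None, fmt=None):
    """Build a constructed, unsigned sample assertion (test data only)."""
    attrs = "".join(
        f' {key}="{value}"'
        for key, value in (("NameQualifier", qualifier), ("Format", fmt))
        if value
    )
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" Version="2.0">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        f"<saml:Subject><saml:NameID{attrs}>{user}</saml:NameID></saml:Subject>"
        "</saml:Assertion>"
    )


def check_assertion(xml_text, expected_issuer, jam_users):
    """Return a list of findings; an empty list means the subject looks right."""
    # ElementTree is fine for assertions you captured yourself; it is not a
    # hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    findings = []
    issuer = (root.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    if issuer != expected_issuer:
        findings.append(f"issuer: got {issuer!r}, expected {expected_issuer!r}")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        return findings + ["subject: no Subject/NameID element"]
    user = (name_id.text or "").strip()
    if name_id.get("NameQualifier") != JAM_NAME_QUALIFIER:
        findings.append(f"name_qualifier: got {name_id.get('NameQualifier')!r}")
    if name_id.get("Format") == EMAIL_FORMAT and "@" not in user:
        findings.append(f"nameid_format: e-mail format but NameID is {user!r}")
    if user not in jam_users:
        findings.append(f"unknown_user: {user!r} is not a Jam user")
    return findings


# Constructed samples: issuer names and the P-user ID are placeholders.
P_USER_ASSERTION = make_assertion("sap-id.example", "P0000000000")
BIZX_ASSERTION = make_assertion("bizx.example", "cgrant", JAM_NAME_QUALIFIER)

if __name__ == "__main__":
    for label, xml_text in (("P-user", P_USER_ASSERTION), ("BizX", BIZX_ASSERTION)):
        print(label, check_assertion(xml_text, "bizx.example", {"cgrant"}) or "OK")
```
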

Former Member
0 Kudos

Thank you Robert and Adam for your help, support and your valuable time in resolving this issue.

We really appreciate your efforts.

After making all the changes mentioned above, the application is working fine now.

Thanks a million...!!!

0 Kudos

Hi Soumya

Would you want to write a blog on your experiences and the setup you had to do?  It might be a nice reference for others, if you have time to do this.

Regards

Ginger

Former Member
0 Kudos

Thanks Ginger for considering us to write a blog.

Sure, Farhasadab Kazi and I would like to write a blog to share our experience in developing a JAM extension using HCP. Since we are a bit busy with presentations, we will write a blog on this in a couple of days.

Thanks & Regards,

Soumya & Farha