SAP Knowledge Base Article - Public

2240462 - SAML Token Assertion for ODATA API call to SF fails with an error: Unable to validate \"Recipient\" in the SAML

Symptom

SAML Token Assertion for ODATA API call to SF fails with below error:

errorHttpCode: 401

errorMessage: Unable to validate \"Recipient\" in the SAML assertion

Resolution

Check if Token URL for IDP service has been used correctly.

This can also be verified in SAML assertion xml generated.

<saml2:SubjectConfirmationData Recipient="https://mysalesdemo4.successfactors.com" NotOnOrAfter="2015-11-05T08:23:44.575Z"/> 

The token_URL specified in /idp request should point to SF token URL if recipient is SF.

 

Keywords

KBA , LOD-SF-INT-ODATA , OData API Framework , LOD-SF-INT , Integrations , Problem

Product

SuccessFactors HCM Core 1508