SAP Knowledge Base Article - Public

2516614 - OData API Basic Authentication Configuration (1708 new feature)

Symptom

This KBA is a know how on the new feature released in 1708.

This feature is under "API Center" in Successfactors

UI.png

Environment

Successfactors

Resolution

1. When "Always" is enabled, then all the IP address can be used to use basic auth to access the system. The IP addresses in textbox should not take any effect.

2. When "Never" is enabled, then all the IP address can't be used to use basic auth to access the system.The IP addresses in textbox should not take any effect.

<!       ·  The error message should be like below: Basic authentication for ODATA API is disabled for company XXX

3. When "Restrict access to below IPs" is enabeld, then all only IP address set in textbox can be used to use basic auth to access the system.

  • IP address in text box should be separated by comma or Enter. That means, one complete address starts with spacing/comma, ends with spacing/comma.

<!      ·  The extra spacing before and after the IP address should be trimmed

4. Basic Authentication Configuration [A] VS IP Restriction in "Password & Login Policy Settings" [B]

  • When use Basic Authorization way, it should first check "Basic Authentication Configuration", then check "Password & Login Policy Settings"
  • When the login ip is in A but not in B, it should give such error: Authentication failed. Attempted login from unauthorized ip: xxx to company id: xxx by username: admin(status code = 8)
  • When the login ip is in B but not in A, it should give such error: This client IP is disabled for ODATA API basic authentication for company xxx
  • When the login ip is neither in A nor in B, it should give such error: This client IP is disabled for ODATA API basic authentication for company xxx
  • When the login ip is in both A and B, it should login successfully.
  • When use non-Basic Authorization way, it should only check "Password & Login Policy Settings" (Only external oauth will check it.) That means, external oauth and internal oauth login should not be affected by Basic Authentication Configuration.

5. Basic Authentication VS OData API Access Permission VS OData API Feature

  • It will firstly check OData API feature is enabled or not, then check the IP setting in Basic Authentication.at last check whether the user has OData API Admin Access Permission

Keywords

  • OData API Basic Authentication Configuration
  • 1708 new release feature in API
  • API center
, KBA , odata api basic authentication configura , LOD-SF-INT-API , API & Adhoc API Framework , LOD-SF-INT , Integrations , LOD-SF-INT-ODATA , OData API Framework , How To

Product

SAP SuccessFactors HCM Core 1708