SAP Knowledge Base Article - Public

2978172 - OAUTH authentication mode in Boomi for SuccessFactors Connector (SuccessFactors-Partner Connector)

Symptom

With 1H 2021 SuccessFactors release, new enhancement has been done for SuccessFactors Connector in Boomi to support OAUTH authentication for OData API call.

Environment

  • Boomi Platform
  • SuccessFactors ODATA API
  • SuccessFactors SFAPI

Resolution

Step 1: Register the Boomi platform (client) for OAUTH authentication and generate "Oauth client Id"

  • Go to Admin Center-> Manage Oauth2 Client Applications
  • Click on "Register client application" and enter detail as documented in guide: LINK
  • Make sure application URL maintained is "https://platform.boomi.com/"
  • There are 3 ways to generate X509 certificate key pair (Private Key and public key):
    • Generate self-signed certificate using external online tools. One example is documented in KBA: Check KBA 
    • Generate X509 certificate via SuccessFactors: LINK
  • Steps below shows private key generated via SuccessFactors  using " Generate X509 certificate"

  • Download the X.509 certificate. This would be saved as .pem file. Open this with notepad and copy the private key text which you need for boomi connection configuration.
  • Click on "Register" and this will generate API Key. API Key will be updated as "OAUTH2 Client ID" in boomi SF connector.

Step 2: Boomi Connection Configuration for ODATA  OAUTH:

    • Under SF connection, make sure you have only checked “Enable SF OData Entity Import“  and password field is blank.

Step 3: Generate SAML assertion:

  • SF connector gives you 2 options to generate/maintain SAML assertion:
    • Option 1: SAML assertion is being generated by SF connector
      • Fill data for OAuth Client ID and Private Key which was generated in Step 1 above and save the changes. Based on these 2 information SF connector would generate SAML assertion at runtime.



    • Option 2: SAML assertion is generated externally (3031657 - How to generate SAML assertion for SAP SuccessFactors API using SAP provided offline tool?) and you want to maintain the SAML assertion directly in SF connector's connection.
      • You can go for this option if you do not wish to expose Private Key  in SF connector. Leave the OAUTH Private key field blank.
      • Create a dynamic process property as shown below and enter SAML assertion as a static value to this property:



      • Enter the dynamic property name in SF connection as below and make sure "Oauth2 Client Id" is maintained too:



      • NOTE: Option 1 is the preferred choice for customers intending to use SAP's wider infrastructure in order to generate the SAML assertion. Option 2 is designed for customers choosing to use their own infrastructure to generate such assertion

Now you are done with SF connection setup. When Boomi process is being executed, you would see authorization being used is "Bearer ****" in request header of the OData API Audit log.

OData API Audit Log:

SFAPI OAUTH

Same steps as above is valid for SFAPI OAUTH too i.e. once you have maintained all the required information in connector, you can use the same connection for SFAPI and ODATA API entities both.
For new Integration, make sure you select "Enable SFAPI Entity Import" to import SFAPI entity.

Important Note:

  • Post SF connector deployment, existing connection created using SF connector would not change i.e. by default basic auth would still be working for existing integration but additional fields for OAUTH would be visible.
  • If creating a connection to test OAUTH authentication for ODATA, make sure "Enable SFAPI Entity Import" is unchecked and password is removed.
  • Same SuccessFactors connection created for OAUTH can be used for SFAPI and ODATA API both.

Keywords

Boomi, OAUTH, authentication, V2, odata, connection, sf,  , KBA , LOD-SF-INT-BPI , Dell & Boomi Infrastructure , Problem

Product

SAP SuccessFactors HXM Suite all versions

Attachments

Pasted image.png