SAP Knowledge Base Article - Preview

3031657 - How to generate SAML assertion using SAP-provided offline tool - SAP SuccessFactors

Symptom

You wish to learn how to generate a SAML assertion for the SAP SuccessFactors SFAPI/OData API using an SAP-provided offline tool.

IMPORTANT NOTES:

  • The codebase for generating the SAML assertion provided in this SAP KBA (sample coding) can also be compiled and run on Java 8. If you encounter Java errors or exceptions while following this KBA, you may need to update your Java JDK version or install SapMachine JDK from https://sap.github.io/SapMachine/#download (newest version).
  • This KBA is for demonstration purposes and developers' know-how only. 
  • Any software coding and/or code snippets are examples. If you use any examples to help generate a SAML Assertion that will be used in a production environment, you are solely responsible for ensuring the security of such a SAML Assertion. SAP does not warrant the correctness and completeness of the example code and such code is delivered "AS-IS". SAP shall not be liable for errors or damages caused by the use of example code unless damages have been caused by SAP's gross negligence or willful misconduct.
  • Software vendors who want to re-use the sample code in their platform need to check the code with their security team and legal team (for 3rd party licensing) and then re-use it accordingly.
  • With the 2H 2022 Release, we changed the expireInDays field in SAMLAssertion.properties to expireInMinutes so that customers can set the expiry period of the generated SAML assertion based on their needs. The default value for expireInMinutes is 10 minutes; customers can set any valid value for it.
  • Using userId to generate the SAML assertion is supported. userName is only considered when userId is null/empty. In other words, to use userId, make sure that the value of the userId field is valid and correct; to use userName, make sure that userId's value is null/empty and userName's value is valid and correct.
  • This scenario will not work for more than one API user. The reason for this is that SAML properties are used in preparing the SAML assertion, thus a single SAML assertion cannot be devised for more than one user at a time (i.e., more than one SAML property file would have to be maintained and generated).
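
The userId/userName precedence and the expireInMinutes setting described in the notes above can be checked before an assertion is generated. The following pre-flight lint is an added example, not SAP's code and not part of the offline tool; the 60-minute ceiling, the fallback to the default when the key is absent, and the sample values are assumptions.

```python
DEFAULT_EXPIRE_MINUTES = 10  # default stated in the KBA
MAX_EXPIRE_MINUTES = 60      # assumption: local policy ceiling, not an SAP limit

def parse_properties(text):
    """Minimal key=value parser (assumption: no ':' separators or continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def lint(props):
    """Return (subject_field, expire_minutes, findings) for a parsed file."""
    findings = []
    user_id, user_name = props.get("userId", ""), props.get("userName", "")
    if user_id:
        subject = "userId"
        if user_name:
            findings.append("userName is set but ignored because userId is non-empty")
    elif user_name:
        subject = "userName"
    else:
        subject = None
        findings.append("neither userId nor userName is set")
    if "expireInDays" in props:
        findings.append("expireInDays was replaced by expireInMinutes in 2H 2022")
    raw = props.get("expireInMinutes", "")
    try:
        # assumption: an absent or empty key falls back to the KBA's default
        expire = int(raw) if raw else DEFAULT_EXPIRE_MINUTES
    except ValueError:
        expire = None
    if expire is None or expire <= 0:
        findings.append(f"expireInMinutes={raw!r} is not a positive integer")
    elif expire > MAX_EXPIRE_MINUTES:
        findings.append(f"lifetime of {expire} min exceeds the {MAX_EXPIRE_MINUTES} min ceiling")
    return subject, expire, findings

# Constructed sample, not taken from a real tenant
SAMPLE = "userId=sfapi_demo\nuserName=sfapi_demo_name\nexpireInDays=1\nexpireInMinutes=1440\n"

if __name__ == "__main__":
    subject, expire, findings = lint(parse_properties(SAMPLE))
    print(f"subject field: {subject}, lifetime: {expire} min")
    for finding in findings:
        print("WARN:", finding)
```

Because a generated assertion can be exchanged for API access until it expires, the lifetime finding is the one to act on first.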

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."



Environment

  • SAP SuccessFactors HXM Suite
    • OData API

Product

SAP SuccessFactors HCM Suite all versions

Keywords

Oauth, Odata, API, Maven, JDK, saml, KBA, LOD-SF-INT-ODATA-OAU, ODATA OAUTH Authentication, How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
