Symptom
This KBA covers how to generate SAML assertions using the SAP-provided Offline tool when integrating with SuccessFactors APIs.
Purpose and Usage
- This KBA is intended for demonstration purposes and developer reference.
- Software vendors must review and approve the code with their security and legal teams, particularly regarding third-party licensing, before reuse.
- SAP is not liable for issues unless caused by gross negligence or willful misconduct.
- If you use this code to generate SAML Assertions in a production environment, you are fully responsible for securing those assertions.
- All sample code is provided "AS-IS" without warranty.
Recommended Approach
- For production scenarios, use a third-party IdP to generate a SAML assertion, such as Microsoft Azure.
- For more information, refer to the corresponding documentation of the third-party IdP.
- Reference: Generating a SAML Assertion
"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."
Environment
SAP SuccessFactors HXM Suite
Resolution
STEP 1: DOWNLOADING MAVEN FILE
- Download the file from Downloading Apache Maven and unzip it to your local drive.
In the example below, the folder has been extracted to the C drive:
STEP 2: VALIDATING JAVA JDK COMPATIBILITY AND MAINTAINING ENVIRONMENT VARIABLES
- On your computer, open File Explorer, right-click This PC, and go to Properties > Advanced System Settings > Environment Variables;
- Under System Variables, ensure the JAVA_HOME variable is set and points to the path of your JDK installation;
- Under User Variables, click New and set the path of the "bin" folder (from your JDK installation folders) in the "PATH" variable, as shown below:
NOTE: The sample SAML Assertion code in this SAP KBA is compatible with Java 8. If you encounter Java-related errors, update your JDK or install the latest SapMachine JDK.
STEP 3: VALIDATING JDK INSTALLATION
- Go to Command Prompt and execute the command: echo %JAVA_HOME%
- If it prints the folder path of the JDK installation, it means the installation was successful:
STEP 4: VALIDATING MAVEN INSTALLATION
- Open the Command Prompt and execute the command: mvn -v
If the command prints the Maven version information, the Maven installation is successful. You can now proceed with generating the SAML assertion using the Offline tool.
STEP 5: GENERATING SAML ASSERTION
- Go to the attachment section of this KBA and download the zip file;
- Extract the folder from the zip file to your local drive;
- Go to the folder and open the "SAMLAssertion.properties" file;
- Fill in the data there:
- tokenUrl: API server endpoint from the guide page List of SAP SuccessFactors API Servers, with "/oauth/token" at the end.
- clientId: API Key which you received while registering the client in SF.
- userId OR userName (fill in one and leave the other empty):
- The userId expects the User ID of the API/integration user
- The userName expects the username of the API/integration user
NOTE: This solution does not support multiple API users simultaneously. A different user requires a separate SAML assertion and property file.
- privateKey: X.509 private key.
- expireInMinutes: Set it according to your business requirements. SAML assertions usually expire in 5-10 minutes.
- See the sample file below:
- Save the file and close;
- Open a new Command Prompt;
- Execute the command: "cd C:\SAMLAssertionGen-master" (the directory where the folder was extracted):
- Execute the command: mvn compile exec:java -Dexec.args="SAMLAssertion.properties"
- Once completed, the tool generates the SAML assertion. Copy it and store it securely on your local drive.
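A pre-flight check for the "SAMLAssertion.properties" file described in STEP 5, as an added example that is not part of the SAP-provided tool. The function names, the https requirement, the 10-minute ceiling and the simple key=value parsing are assumptions of this example; the sample values are constructed placeholders.

```python
# Added example: pre-flight check for SAMLAssertion.properties (not SAP code).
from urllib.parse import urlparse

REQUIRED = ("tokenUrl", "clientId", "privateKey", "expireInMinutes")

# Constructed sample; host, key and user values are placeholders.
SAMPLE = """\
# comment lines are ignored
tokenUrl=https://api.example.com/oauth/token
clientId=EXAMPLE_API_KEY
userId=sfapi_user
userName=
privateKey=PLACEHOLDER_PRIVATE_KEY
expireInMinutes=10
"""


def parse_properties(text):
    """Parse simple key=value lines (no line continuations or escapes)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def check_properties(props, max_minutes=10):
    """Return findings; an empty list means the file passed every check."""
    findings = [f"{k} is missing or empty" for k in REQUIRED if not props.get(k)]
    url = urlparse(props.get("tokenUrl", ""))
    if props.get("tokenUrl") and url.scheme != "https":
        findings.append("tokenUrl should use https")  # assumption, see lead-in
    if props.get("tokenUrl") and not url.path.endswith("/oauth/token"):
        findings.append('tokenUrl must end with "/oauth/token"')
    # The KBA asks for one of userId / userName, with the other left empty.
    if sum(bool(props.get(k)) for k in ("userId", "userName")) != 1:
        findings.append("fill in exactly one of userId or userName")
    minutes = props.get("expireInMinutes", "")
    if minutes and not (minutes.isascii() and minutes.isdigit()):
        findings.append("expireInMinutes must be a whole number")
    elif minutes and not 0 < int(minutes) <= max_minutes:
        findings.append(f"expireInMinutes={minutes} is outside 1-{max_minutes}")
    return findings


if __name__ == "__main__":
    for finding in check_properties(parse_properties(SAMPLE)) or ["OK"]:
        print(finding)
```

Run it against the real file's contents before executing the mvn command; the findings never include the privateKey value, so the output is safe to paste into a ticket.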
Keywords
Oauth, Odata, API, Maven, JDK, saml, assertion, bearer, successfactors, SF, ias, idp, KBA, LOD-SF-INT-ODATA-OAU, ODATA OAUTH Authentication, How To
SAP Knowledge Base Article - Public