SAP Knowledge Base Article - Public

3031657 - How to generate SAML assertions using SAP-provided Offline tool - SAP SuccessFactors

Symptom

This KBA aims to cover how to generate SAML assertions using the SAP-provided Offline tool, when integrating with SuccessFactors APIs.

Purpose and Usage

  • This KBA is intended for demonstration purposes and developer reference.

  • Software vendors must review and approve the code with their security and legal teams, particularly regarding third-party licensing, before reuse.

  • SAP is not liable for issues unless caused by gross negligence or willful misconduct.

  • If you use this code to generate SAML Assertions in a production environment, you are fully responsible for securing those assertions.
  • All sample code is provided "AS-IS" without warranty.

Recommended Approach

  • For production scenarios, the preferred method is to use a corporate Identity Provider (IdP) such as:

    • SAP Identity Authentication Services (IAS)

    • A trusted third-party IdP

  • Refer to your corporate IdP's documentation for setup and configuration guidance.

  • Reference: Generating a SAML Assertion chapter from OData API guide.

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

Environment

SAP SuccessFactors HXM Suite

Resolution

STEP 1: DOWNLOADING MAVEN FILE

  • Download the file from Downloading Apache Maven and unzip it to your local drive.
    In the example below, the folder has been extracted to the C drive:

     

STEP 2: VALIDATING JAVA JDK COMPATIBILITY AND MAINTAINING ENVIRONMENT VARIABLES

  1. At your computer: Click on File Explorer > This PC (right button) > Properties > Advanced System Settings > Environment Variables;
  2. At System Variables, ensure JAVA_HOME variable is set and points to the path of your JDK installation;
  3. At User Variables, click on new and set the path of the "bin" folder (from your JDK installation folders) to the variable "PATH" as shown below:



    NOTE: The sample SAML Assertion code in this SAP KBA is compatible with Java 8. If you encounter Java-related errors, update your JDK or install the latest SapMachine JDK.
     

STEP 3: VALIDATING JDK INSTALLATION

  1. Go to Command Prompt and execute the command: echo %JAVA_HOME%
  2. If it prints the folder path of the JDK installation, it means the installation was successful:


     

STEP 4: VALIDATING MAVEN INSTALLATION

  1. Open the Command Prompt and execute the command: mvn -v



    This means Maven installation is successful. Now we are good to proceed with generating SAML assertion using the Offline tool.
     

STEP 5: GENERATING SAML ASSERTION

  1. Go to attachment section of this KBA and download the zip file;
  2. Extract folder from zip file to your local drive;
  3. Go to the folder and open "SAMLAssertion.properties" file;





  4. Fill the data there:
    • tokenUrl: API server endpoint from guide page List of SAP SuccessFactors API Servers with "/oauth/token" in the end.

    • clientId: API Key which you received while registering the client in SF.

    • userId OR userName (choose one to fill and left the other empty): 
      • The userId expects the User ID of the API/integration user
      • The userName expects the username of the API/integration user
        NOTE: This solution does not support multiple API users simultaneously. A different user requires a separate SAML assertion and property file.

    • privateKey: X.509 private key.

    • expireInMinutes: Set it according your business requirements. SAML assertions usually expires in 5-10 minutes.

  5. See the sample file below:



  6. Save the file and close;
  7. Open a new Command Prompt;
  8. Execute the command: "cd C:\SAMLAssertionGen-master" (the directory where folder was extracted):



  9. Execute the command: mvn compile exec:java -Dexec.args="SAMLAssertion.properties"



  10. Once completed, it would generate SAML assertion. Copy this and store it securely in your local drive.

See Also

Boomi connectors - Generating a SAML Assertion

Keywords

Oauth, Odata, API, Maven, JDK, saml , KBA , LOD-SF-INT-ODATA-OAU , ODATA OAUTH Authentication , How To

Product

SAP SuccessFactors HCM Suite all versions

Attachments

Pasted image.png
SAMLAssertionGen-master (1).zip
2a3b0381c33562d88319352f05013130
5a3bcf41c33562d88319352f050131e1
a23b0381c33562d88319352f05013182
d23bcf41c33562d88319352f050131f6