Symptom
This KBA aims to cover how to generate SAML assertions using the SAP-provided Offline tool, when integrating with SuccessFactors APIs.
Purpose and Usage
- This KBA is intended for demonstration purposes and developer reference.
- Software vendors must review and approve the code with their security and legal teams, particularly regarding third-party licensing, before reuse.
- SAP is not liable for issues unless caused by gross negligence or willful misconduct.
- If you use this code to generate SAML Assertions in a production environment, you are fully responsible for securing those assertions.
- All sample code is provided "AS-IS" without warranty.
Recommended Approach
- For production scenarios, the preferred method is to use a corporate Identity Provider (IdP) such as:
  - SAP Identity Authentication Services (IAS)
  - A trusted third-party IdP
- Refer to your corporate IdP's documentation for setup and configuration guidance.
- Reference: Generating a SAML Assertion chapter from OData API guide.
"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."
Environment
SAP SuccessFactors HXM Suite
Resolution
STEP 1: DOWNLOADING MAVEN FILE
- Download the file from Downloading Apache Maven and unzip it to your local drive.
In the example below, the folder has been extracted to the C drive:
STEP 2: VALIDATING JAVA JDK COMPATIBILITY AND MAINTAINING ENVIRONMENT VARIABLES
- On your computer, click File Explorer > This PC (right-click) > Properties > Advanced System Settings > Environment Variables;
- Under System Variables, ensure the JAVA_HOME variable is set and points to the path of your JDK installation;
- Under User Variables, click New and set the path of the "bin" folder (from your JDK installation folders) in the variable "PATH" as shown below:
NOTE: The sample SAML Assertion code in this SAP KBA is compatible with Java 8. If you encounter Java-related errors, update your JDK or install the latest SapMachine JDK.
STEP 3: VALIDATING JDK INSTALLATION
- Go to Command Prompt and execute the command: echo %JAVA_HOME%
- If it prints the folder path of the JDK installation, it means the installation was successful:
STEP 4: VALIDATING MAVEN INSTALLATION
- Open the Command Prompt and execute the command: mvn -v
- If the command prints the Maven version information, the Maven installation is successful. You can now proceed with generating the SAML assertion using the Offline tool.
STEP 5: GENERATING SAML ASSERTION
- Go to attachment section of this KBA and download the zip file;
- Extract folder from zip file to your local drive;
- Go to the folder and open "SAMLAssertion.properties" file;
- Fill in the data there:
  - tokenUrl: API server endpoint from the guide page List of SAP SuccessFactors API Servers, with "/oauth/token" at the end.
  - clientId: API Key which you received while registering the client in SF.
  - userId OR userName (fill in one and leave the other empty):
    - The userId expects the User ID of the API/integration user
    - The userName expects the username of the API/integration user
    NOTE: This solution does not support multiple API users simultaneously. A different user requires a separate SAML assertion and property file.
  - privateKey: X.509 private key.
  - expireInMinutes: Set it according to your business requirements. SAML assertions usually expire in 5-10 minutes.
- See the sample file below:
- Save the file and close;
- Open a new Command Prompt;
- Execute the command: "cd C:\SAMLAssertionGen-master" (the directory where folder was extracted):
- Execute the command: mvn compile exec:java -Dexec.args="SAMLAssertion.properties"
- Once completed, the tool generates the SAML assertion. Copy it and store it securely on your local drive.
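Before running the Maven command in Step 5, the filled-in SAMLAssertion.properties file can be checked against the rules listed above. The following is an added example in Python, not part of SAP's Offline tool or this KBA's attachment; the function names, the https check and the 10-minute ceiling (taken from the "5-10 minutes" guidance) are assumptions, and the sample values are constructed placeholders.

```python
import re

# Keys named in the KBA's description of SAMLAssertion.properties.
REQUIRED = ("tokenUrl", "clientId", "privateKey", "expireInMinutes")
LINE = re.compile(r"^\s*([^=:\s#!][^=:\s]*)\s*[=:]\s*(.*?)\s*$")

def parse_properties(text):
    """Parse simple key=value lines (assumption: no backslash continuations)."""
    props = {}
    for raw in text.splitlines():
        m = LINE.match(raw)  # comment lines (# or !) and blanks do not match
        if m:
            props[m.group(1)] = m.group(2)
    return props

def check_properties(text, max_minutes=10):
    """Return a list of findings; an empty list means the file passed."""
    p = parse_properties(text)
    findings = [f"{k} is empty or missing" for k in REQUIRED if not p.get(k)]
    url = p.get("tokenUrl", "")
    if url and not url.endswith("/oauth/token"):
        findings.append("tokenUrl must end with /oauth/token")
    # Assumption (not stated in the KBA): the token endpoint is reached over TLS.
    if url and not url.lower().startswith("https://"):
        findings.append("tokenUrl should use https")
    # The KBA asks for exactly one of userId / userName to be filled.
    filled = [k for k in ("userId", "userName") if p.get(k)]
    if len(filled) != 1:
        findings.append("fill exactly one of userId or userName")
    minutes = p.get("expireInMinutes", "")
    if minutes:
        if not minutes.isdigit() or int(minutes) == 0:
            findings.append("expireInMinutes must be a positive integer")
        elif int(minutes) > max_minutes:
            findings.append(f"expireInMinutes exceeds {max_minutes} minutes")
    return findings  # values such as privateKey are never echoed back

# Constructed sample input; every value is a placeholder.
SAMPLE = """\
tokenUrl=https://api.example.invalid/oauth/token
clientId=PLACEHOLDER_API_KEY
userId=
userName=integration.user
privateKey=PLACEHOLDER_PRIVATE_KEY
expireInMinutes=10
"""

if __name__ == "__main__":
    print(check_properties(SAMPLE) or "OK")
```

Because the properties file holds the private key, keep it out of version control and readable only by the account that runs the tool.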
Keywords
Oauth, Odata, API, Maven, JDK, saml , KBA , LOD-SF-INT-ODATA-OAU , ODATA OAUTH Authentication , How To
Attachments
SAMLAssertionGen-master (1).zip