/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
Time Events are no longer integrated from the External Terminal to SAP SuccessFactors Clock In Clock Out.
"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."
Environment
- SAP SuccessFactors HCM Suite
- SAP SuccessFactors Time Tracking – Clock In Clock Out
Cause
The integration between the External Terminal and SAP SuccessFactors Clock In Clock Out have its Authorization Framework based on a generated SAML Assertion and OAuth Token.
This OAuth Token is valid for 11 hours, and is then used to call the external REST API and send the time punches from the External Terminal to Clock In Clock Out.
Since the last OAuth Token generation, at least 11 hours have passed and the OAuth Token has expired.
Resolution
It is necessary to generate a new OAuth Token as per the SAP Help Portal Documentation Integrating SAP SuccessFactors Clock In Clock Out with External Time Tracking Services.
Please check the following detailed steps in the demo system.
1. Generating API Key
Since the Time Events integration were working before and have stopped only now since the OAuth token got expired, mostly likely the API Key is already correctly reconfigured, but please ensure that this step is proper set as per the documentation guide previous mentioned.
Navigate to “Admin Center > Manage OAuth2 Client Applications”, open the application for Clock In Clock Out integration.
This step creates the API Key, which is then used to the create the OAuth Token.
2. Creating OAuth Token
To create the OAuth Token, two main steps are needed:
2.1 Generate the SAML assertion
The Identity Provider (IDP) API is responsible to generate the SAML assertion, which will be used as the assertion value to generate the OAuth Token (step 2.2).
Refer to the “Description” highlighted in the below image, which has the corresponding details for the key values that are necessary to be set under request Body.
2.2 Generate the OAuth Token
The OAuth Token API generates the OAuth Token itself as a result.
Refer to the “Description” highlighted in the below image, which has the corresponding details for the key values that are necessary to be set under request Body.
3. The new OAuth Token has been generated
Use this token to call the REST API: /rest/timemanagement/timeeventprocessing/v1/TimeEvents, and so on, integrate the Time Events from the External Terminal to SAP SuccessFactors Clock In Clock Out.
Obs.: The above steps can be done using any API Client by creating/saving HTTP/HTTPs protocols and checking its response; the one showed here is just an example, as well of the "Key Values" that will be different for each SAP SuccessFactors Employee Central instance.
See Also
- SAP Help Portal Documentation: Integrating External Time Tracking Services with SAP SuccessFactors Clock In Clock Out
- SAP Help Portal Documentation: Implementation of SAP SuccessFactors Time Tracking
- SAP Community Blog: Clock In Clock Out in SAP SuccessFactors Time Tracking – Overview and How-To Guide
- SAP Community Blog: How to initiate an OAuth connection to SuccessFactors Employee Central?
- KBA 3146142 - Integration of API for SAP SuccessFactors Time Tracking Clock In Clock Out
- KBA 3205292 - FAQ - Frequently Asked Questions regarding Import and Export of Time Events
Keywords
OAuth Token, Token, Expired, External Terminal, SAP SuccessFactors Clock In Clock Out, Clock In Clock Out, TTR, CICO, TTR CICO, Time Tracking, API Key, SAML assertion, assertion, HTTP, POST, OAuth2, tms , KBA , LOD-SF-TTR-CIO , Clock In/ Clock Out , LOD-SF-TTR , Time Tracking , Problem
Product
Attachments
| Pasted image.png |
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)