SAP Knowledge Base Article - Public

3239495 - 2H 2022: Deprecation of OAuth IdP API /oauth/idp

Symptom

With this Release, we are announcing the deprecation of the OAuth IdP API /oauth/idp.
The /oauth/idp API was provided for API users to generate SAML assertions for authentication. However, this method is considered unsafe because it requires users to pass private keys through an API call. Therefore, we're deprecating this API and encouraging you to choose secure ways to generate SAML assertions.

Environment

SAP SuccessFactors OData API
SAP SuccessFactors Compound Employee API

Cause

Deprecation

Resolution

Effective immediately, new customers will not be able to use this API to generate SAML assertions. Existing usage will also be stopped on the deletion date.
For more information, please see the See Also section below.

See Also

WNV: Deprecation of OAuth IdP API /oauth/idp
Guide: SAP SuccessFactors HXM Suite OData API: Developer Guide (V4)
KBA 3146449 OAuth Authentication: Frequently Asked Questions (FAQ)
KBA 3031657 SAP SuccessFactors SAML Assertion format demonstration using SAP Provided offline tool

Keywords

/oauth/idp, idp, oauth, deprecation, SAML, SAML assertion, security, API-23511, OAuth IdP API , KBA , LOD-SF-INT , Integrations , LOD-SF-INT-API , API & Adhoc API Framework , LOD-SF-INT-ODATA-OAU , ODATA OAUTH Authentication , LOD-SF-INT-ODATA , OData API Framework , LOD-SF-INT-CE , Compound Employee API , How To

Product

SAP SuccessFactors HXM Suite all versions