Symptom
With this release, we are announcing the deprecation of the OAuth IdP API /oauth/idp.
The /oauth/idp API was provided for API users to generate SAML assertions for authentication. However, this method is considered unsafe because it requires users to pass private keys through an API call. Therefore, we're deprecating this API and encouraging you to choose secure ways to generate SAML assertions.
Environment
SAP SuccessFactors OData API
SAP SuccessFactors Compound Employee API
Resolution
Effective immediately, new customers will not be able to use this API to generate SAML assertions. Existing usage will also be stopped on the deletion date.
For more information, please see the See Also section below.
FAQ:
1) How do I know if my company is using the "/oauth/idp" endpoint?
There are no logs on the SuccessFactors side that would help confirm this. All SAP standard integration processes that connect to SuccessFactors either already do not use "/oauth/idp" or are being enhanced to stop using it. For the other integration processes that connect to the SuccessFactors API (the ones that are not delivered by SAP), you will have to check internally with the people in your company who are responsible for those integrations and confirm whether "/oauth/idp" is being used.
2) What are the alternatives to "/oauth/idp"?
The "/oauth/idp" endpoint was used to generate a SAML assertion, so the alternatives are:
- Apache Maven (example in KBA 3031657 - SAP SuccessFactors SAML Assertion format demonstration using SAP Provided offline tool)
- Any other 3rd party IdP, MS Azure for example (KBA 3301583 - SAP SuccessFactors SAML Assertion format demonstration using MS Azure)
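For FAQ item 1, since nothing is logged on the SuccessFactors side, one place to look is your own egress proxy or API gateway logs. The following is an added example, not SAP-provided code: the log format, host names and sample lines are constructed assumptions, and the function reports which internal hosts still call "/oauth/idp" and when they last did so.

```python
from urllib.parse import urlsplit

# Constructed sample lines in an assumed egress-proxy format:
# <ISO-8601 UTC timestamp> <source host> <method> <full URL> <status>
SAMPLE_LOG = """\
2024-01-10T08:00:01Z hr-sync-01 POST https://api.example.invalid/oauth/idp 200
2024-01-10T08:00:02Z hr-sync-01 POST https://api.example.invalid/oauth/token 200
2024-01-10T09:15:40Z payroll-job POST https://api.example.invalid/oauth/idp/ 200
2024-01-10T09:16:00Z reporting GET https://api.example.invalid/odata/v2/User?$top=1 200
2024-01-11T02:30:00Z hr-sync-01 POST https://api.example.invalid/OAuth/IdP?x=1 200
2024-01-11T03:00:00Z reporting GET https://api.example.invalid/docs/oauth/idp-migration 200
malformed line
"""

DEPRECATED_PATH = "/oauth/idp"


def find_idp_callers(log_text):
    """Return {source_host: {"count": n, "last_seen": ts}} for /oauth/idp requests."""
    callers = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed format
        ts, host, _method, url, _status = fields
        # Compare the path only: ignore the query string, a trailing slash and
        # letter case, but do not match longer paths such as /oauth/idp-migration.
        path = urlsplit(url).path.rstrip("/").lower()
        if path != DEPRECATED_PATH:
            continue
        entry = callers.setdefault(host, {"count": 0, "last_seen": ts})
        entry["count"] += 1
        # Timestamps share one fixed-width UTC format, so string order is time order.
        entry["last_seen"] = max(entry["last_seen"], ts)
    return callers


if __name__ == "__main__":
    for host, info in sorted(find_idp_callers(SAMPLE_LOG).items()):
        print(f"{host}: {info['count']} call(s), last seen {info['last_seen']}")
```

Each host reported here maps to an integration whose owner needs to move SAML assertion generation to one of the alternatives listed in FAQ item 2.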
See Also
WNV: Deprecation of OAuth IdP API /oauth/idp
Generating a SAML Assertion
Guide: SAP SuccessFactors HXM Suite OData API: Developer Guide (V4)
KBA 3146449 OAuth Authentication: Frequently Asked Questions (FAQ)
KBA 3031657 SAP SuccessFactors SAML Assertion format demonstration using SAP Provided offline tool
Keywords
/oauth/idp, idp, oauth, deprecation, SAML, SAML assertion, security, API-23511, OAuth IdP API, KBA, LOD-SF-INT, Integrations, LOD-SF-INT-API, API & Adhoc API Framework, LOD-SF-INT-ODATA-OAU, ODATA OAUTH Authentication, LOD-SF-INT-ODATA, OData API Framework, LOD-SF-INT-CE, Compound Employee API, Product Enhancement