SAP Knowledge Base Article - Public

3260144 - OAuth2 Access token is not generated when userId is bound to API key but SAML Assertion is generated using username

Symptom

You wish to know why an OAuth2 Access token is not generated when userId is bound to an API key but SAML Assertion is generated using username. When you try, the following error occurs:
Unable to generate token. User is not bound to the client application.

This will affect the users, who have different username and userId in the system

  • who are using SAML offline tool to generate saml and then used binding api userId to api key
  • CPI tool users, who are using user Binding
  • Boomi users who have done UserId binding to API key

Environment

SAP SuccessFactors API

Reproducing the Issue

  1. Pick a SFSF User who has username and userId different
  2. Generate API key in manage oauth2 client screen and bind userId to the API key
  3. Generate SAML Assertion using the param "use_username=true"
  4. Try to generate OAuth2 token and it will not work

Resolution

This has been identified as a bug and will be fixed in Oct 28th in Preview environment and Dec 9th in Production

In the meantime, should you need a workaround, please remove the userId binding


Keywords

Unable to generate token. User is not bound to the client application, SAML, OAuth, SAML, API, OAuth2, Access token, generated, userId, bound, API key, SAML Assertion, username, API-25938, API-23342 , KBA , LOD-SF-INT-ODATA , OData API Framework , LOD-SF-INT , Integrations , LOD-SF-INT-ODATA-OAU , ODATA OAUTH Authentication , Product Enhancement

Product

SAP SuccessFactors HCM Core all versions ; SAP SuccessFactors HCM Suite all versions