SAP Knowledge Base Article - Public

3363735 - After migrating from Basic to Certificate Authentication, some fields are missing in IPS job

Symptom

After moving from basic authentication to certificate authentication and completing the configuration, you notice that some fields in IAS are no longer being captured by the IPS job.

Environment

  • IPS: Using API version 1 (OData)
  • SuccessFactors: Using Certificate Based Authentication

Reproducing the Issue

  1. Perform the steps outlined in the KBA below to migrate from basic to certificate authentication:
    3312844 - Client certificate based authentication in IPS with SuccessFactors as Source system.
  2. When performing the public certificate mapping, leave the Common Name field empty (since it is not required).
  3. Complete the configuration and trigger the IPS sync job.
  4. Some fields may no longer be returned after that.

Cause

When you map a certificate and do not provide a common name, the system uses a Technical User to log in to SuccessFactors and read the information.

This technical user is hardcoded and is permissioned based on the standard mapping. This means that if you have any customized mapping in your IPS, this user may not be able to read that data, since it will not have the permissions to do so.

Resolution

Consider the following:

  1. The first recommendation is to stay with the standard mappings whenever possible, especially considering the migration from API version 1 (OData) to 2 (SCIM) in IPS, since SCIM APIs may not be able to access this data at all. You can review the documentation below to check whether you may have this problem in the future:
    System for Cross-domain Identity Management for Workforce in SuccessFactors
  2. If you still want to keep the customized mappings, make sure that when you add the public certificate mapping in Security Center, you provide in the Common Name field a user that has the proper permissions to access this data. The API will then be able to access the data and return it in the IPS job.

Keywords

IAS migration from basic to certificate, certificate based authentication IPS, upgrade IAS, missing fields in IPS job, KBA, LOD-SF-INT-ODATA, OData API Framework, LOD-SF-PLT-IAS, Identity Authentication Services (IAS) With BizX, Problem

Product

SAP SuccessFactors HCM Core all versions