SAP Knowledge Base Article - Public

3542887 - Failure to Generate SAML Assertion due to java.security.InvalidKeyException - OData API

Symptom

You are following steps (such as KBA 3031657) to generate SAML Assertion for OData API OAuth Authentication.

But you get similar error as below and the SAML Assertion cannot be generated:

  • Fail to generate SAML Assertion due to java.security.InvalidKeyException: Unable to decode key

Environment

SAP SuccessFactors HCM Core

  • OData API

Reproducing the Issue

  1. Following KBA 3031657 to generate SAML Assertion
  2. Prepare the file "SAMLAssertion.properties" according to the steps
  3. Execute the command but error happens

Cause

This error can be caused by using the wrong private key (such as using Public Key instead of Private Key).

Resolution

Please make sure you are passing the correct Private Key (rather than Public Key).

If you generate the key in SF (Manage OAuth2 Client Applications), note that the you can only download Private Key when you create it (by downloading .PEM file).

See Also

3031657 - How to generate SAML assertion using SAP-provided offline tool - SAP SuccessFactors

Keywords

SAML Assertion, java.security.InvalidKeyException, Unable to decode key, OAuth 2.0, PrivateKey, PublicKey, certificate, X509 , KBA , LOD-SF-INT-ODATA-OAU , ODATA OAUTH Authentication , Problem

Product

SAP SuccessFactors HCM Core all versions