3664715 - Validity of the keypair generated via CPI for OAuth in SuccessFactors OData API

A key pair created in SAP CPI for use in SuccessFactors OData API OAuth has a certificate that is set to expire shortly.

This KBA will explain the SuccessFactors API behavior regarding such expired certificates.

• SAP SuccessFactors HCM Suite
  • OData API
• CPI

SuccessFactors API validates the certificate expiration date only if it was created using the "Manage OAuth2 Client Applications" tool in SuccessFactors, with the "Enable validity check" and "Validity(Days)" fields configured (refer to KBA 2511864 - Validity of the keypair generated via SuccessFactors for OAuth in OData API for more details).

So, considering that the certificate was created in CPI itself, even after the certificate is expired it will still be accepted by SuccessFactors API.

cpi, x.509 certificate, renewal, oauth2 saml bearer assertion, odata api, certificate expiration, sap cloud integration, , KBA , LOD-SF-INT-ODATA-OAU , ODATA OAUTH Authentication , Problem