SuccessFactors OData security provider in Jitterbit App Builder
The SuccessFactors OData security provider authenticates requests made to a SuccessFactors OData web service endpoint. The SuccessFactors OData security provider supports the following authentication types:
- HTTP Basic Authentication
- OAuth SAML 2.0 Bearer Assertion
Configuration
Authentication types
HTTP basic authentication
See the HTTP security provider for details on how to configure HTTP Basic Authentication.
OAuth SAML 2.0 bearer assertion
See the OAuth security provider for details on how to configure the SAML 2.0 Bearer Assertion grant.
Note that SuccessFactors refers to the OAuth client identifier (client_id) as the "API Key." SuccessFactors does not require a client secret (client_secret). Therefore, to configure the client credentials, create a Credential of type Client, provide the API Key as the user name, and leave the password blank.
Defaults
The SuccessFactors OData security provider will default the following Token properties:
- Issuer: Defaults to the OAuth client identifier (
client_id). - Audience: Defaults to
www.successfactors.com. - Recipient: Defaults to the API Endpoint (see below) with the path
/odata/v2appended.
In addition, the SuccessFactors OData security provider will default the following endpoints:
- Token Endpoint: Defaults to the API Endpoint (see below) with the path
/oauth/tokenappended.
Endpoints
The SuccessFactors OData security provider defines the following additional endpoints:
| Type | Description |
|---|---|
| API Endpoint | SuccessFactors API root URL, e.g. https://api4.successfactors.com/. As noted in the SuccessFactors documentation, "Your endpoint URLs for accessing the OData APIs depend on the data center hosting your SuccessFactors instance." |
Note
The URL must not contain the /odata/v2 path. App Builder will append the path.
Properties
The SuccessFactors OData security provider defines the following additional parameters:
| Parameter | Default | Description |
|---|---|---|
| CompanyId | The SuccessFactors company identifier. Required. |
Known issues and limitations
SAML assertion source
The SuccessFactors Odata security provider cannot source SAML assertions from a SAML Single Sign-On (SSO) provider. SuccessFactors expects the SAML assertion's Issuer to match the OAuth2 Client Application API Key. API Keys are opaque blobs. Though some SAML SSO Identity Providers (IdPs) can be configured to generate a SAML assertion with an arbitrary Issuer, they may describes the Issuer as urn:oasis:names:tc:SAML:2.0:nameid-format:entity. That format describes a URI. Since the API Key can't be parsed as a URI, App Builder rejects the SAML assertion.