Security Provider - SuccessFactors OData¶
The SuccessFactors OData security provider authenticates requests made to a SuccessFactors OData web service endpoint. The SuccessFactors OData security provider supports the following authentication types:
- HTTP Basic Authentication
- OAuth SAML 2.0 Bearer Assertion
Configuration¶
Authentication Types¶
HTTP Basic Authentication¶
See the HTTP security provider for details on how to configure HTTP Basic Authentication.
OAuth SAML 2.0 Bearer Assertion¶
See the OAuth security provider for details on how to configure the SAML 2.0 Bearer Assertion grant.
Note that SuccessFactors refers to the OAuth client identifier (client_id) as the "API Key." SuccessFactors does not require a client secret (client_secret). Therefore, to configure the client credentials, create a Credential of type Client, provide the API Key as the user name, and leave the password blank.
Defaults¶
The SuccessFactors OData security provider will default the following Token properties:
- Issuer: Defaults to the OAuth client identifier (
client_id). - Audience: Defaults to
www.successfactors.com. - Recipient: Defaults to the API Endpoint (see below) with the path
/odata/v2appended.
In addition, the SuccessFactors OData security provider will default the following endpoints:
- Token Endpoint: Defaults to the API Endpoint (see below) with the path
/oauth/tokenappended.
Endpoints¶
The SuccessFactors OData security provider defines the following additional endpoints:
| Type | Description |
|---|---|
| API Endpoint | SuccessFactors API root URL, e.g. https://api4.successfactors.com/. As noted in the SuccessFactors documentation, "Your endpoint URLs for accessing the OData APIs depend on the data center hosting your SuccessFactors instance." |
Note
The URL must not contain the /odata/v2 path. Vinyl will append the path.
Properties¶
The SuccessFactors OData security provider defines the following additional parameters:
| Parameter | Default | Description |
|---|---|---|
| CompanyId | The SuccessFactors company identifier. Required. |
Known Issues and Limitations¶
SAML Assertion Source¶
The SuccessFactors Odata security provider cannot source SAML assertions from a SAML Single Sign-On (SSO) provider. SuccessFactors expects the SAML assertion's Issuer to match the OAuth2 Client Application API Key. API Keys are opaque blobs. Though some SAML SSO Identity Providers (IdPs) can be configured to generate a SAML assertion with an arbitrary Issuer, they may describes the Issuer as urn:oasis:names:tc:SAML:2.0:nameid-format:entity. That format describes a URI. Since the API Key can't be parsed as a URI, Vinyl rejects the SAML assertion.