on 01-27-2016 5:55 AM
Hi,
I'm trying to extend the SAP SF JAM application with additional functionality. To do so, I have created an application in Eclipse and deployed it in HANA Cloud Platform. To connect with the SAP JAM demo instance I have made the OAuth and SAML IDP configurations in both HCP and the JAM instance, but I'm getting an error while executing. I have attached the screenshot for your quick reference.
But when I tried extending the same application with the developer JAM instance, it's working fine. Can you please help me in resolving this issue? It's blocking many of our objects and it has become a showstopper.
Adam is right. It appears you are authenticating the wrong user. If you want this to work with your demo instance there are a few things you need to do.
From what I understand you were able to get this working with your developer edition of SAP Jam but you can't get it working with your demo SuccessFactors and Jam system.
If this is correct then you need to do the following.
1. You need to configure your BizX system to be the default IDP for your HCP system. What this means is that your Java application needs to be authenticated via BizX. This ensures that the SAML assertion you generate comes from BizX.
2. Once you have BizX set up as the authentication for the Java app, you need to set up the Destination. The type of destination you need to set up is an OAuth2SAMLBearerAssertion.
3. What this does is send the assertion from BizX for the authenticated user from the Java app to Jam. This assertion would be an assertion for someone like Carla Grant "cgrant" which is an example of one of the demo users.
4. We can tell it won't work because from the error message that we are seeing you are sending an assertion for your PUser account which is an account in SAP ID. This account is not in your Jam system so Jam will never accept the assertion for a user who is not in the Jam system.
I hope this helps.
After talking to you on the phone it appears that you have the BizX setup as the IDP for HCP properly now and you were still having trouble.
We noticed one more thing you were missing.
We need to set the NameQualifier to "www.successfactors.com".
This is only needed when connecting to a Jam connected to BizX like in your sales demo system.
You can set this in the Destination parameters in HCP.
Another thing you can do as mentioned in the documentation link above is set the NameID Format to E-mail also documented in the attached link.
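The checks discussed in the replies above can be run against a captured assertion before it is sent to Jam. This is an added example, not part of the original thread or SAP's code: the sample assertions are constructed and unsigned, and the issuer names, the `P0000000000` user ID and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

def make_assertion(issuer, user, qualifier=None):
    """Build a constructed, unsigned sample assertion (illustration only)."""
    nq = f' NameQualifier="{qualifier}"' if qualifier else ""
    return (f'<saml2:Assertion xmlns:saml2="{NS["saml2"]}">'
            f"<saml2:Issuer>{issuer}</saml2:Issuer><saml2:Subject>"
            f'<saml2:NameID Format="{UNSPECIFIED}"{nq}>{user}</saml2:NameID>'
            f"</saml2:Subject></saml2:Assertion>")

# Constructed samples: a P-user from the wrong IdP, and a BizX demo user.
SAMPLE_PUSER = make_assertion("idp.example.invalid", "P0000000000")
SAMPLE_BIZX = make_assertion("bizx.example.invalid", "cgrant",
                             "www.successfactors.com")

def read_subject(assertion_xml):
    """Return issuer, NameID value, NameQualifier and Format of an assertion."""
    # A SAML assertion never needs a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("unexpected DTD in assertion")
    root = ET.fromstring(assertion_xml)
    name_id = root.find("saml2:Subject/saml2:NameID", NS)
    if name_id is None:
        raise ValueError("assertion has no Subject/NameID")
    return {
        "issuer": root.findtext("saml2:Issuer", default="", namespaces=NS).strip(),
        "user": (name_id.text or "").strip(),
        "qualifier": name_id.get("NameQualifier"),
        "format": name_id.get("Format"),
    }

def check_subject(assertion_xml, jam_users, expected_qualifier, expected_format=None):
    """List the reasons the target system would reject this subject."""
    subject = read_subject(assertion_xml)
    problems = []
    if subject["user"] not in jam_users:
        problems.append(f"user {subject['user']!r} does not exist in Jam")
    if subject["qualifier"] != expected_qualifier:
        problems.append(f"NameQualifier is {subject['qualifier']!r}, "
                        f"expected {expected_qualifier!r}")
    if expected_format and subject["format"] != expected_format:
        problems.append(f"NameID Format is {subject['format']!r}")
    return problems

if __name__ == "__main__":
    for sample in (SAMPLE_PUSER, SAMPLE_BIZX):
        print(check_subject(sample, {"cgrant"}, "www.successfactors.com") or "OK")
```

This only inspects the subject fields; it does not validate the assertion's signature or conditions.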
The account that it is trying to logon as is your S User ID. For the developer edition, this works as this is your actual account for that system. I suspect that this is not the User ID that is being used for your other Jam instance. You need to make sure it is setup such that the correct user information is being passed through.
I have made the identity provider link between the HCP account and the JAM demo instance, i.e., I have made the OAuth client configuration and also the SAML IDP in JAM with the HCP account details, and I have also given the signing certificate of the HCP local identity provider in my JAM demo instance. I have followed the instructions as per the course "Extending SAP Products with HANA cloud platform" in "OPENSAP". Still I'm getting the same error.
Should I register my HCP user account in Success Factor provisioning?