This is a follow-up article to the mini-series of blogs on the OAuth2SAMLBearerAssertion flow with the SAP BTP Destination Service.
The focus of this instalment is to discuss how to fully automate the implementation and the deployment of the OAuth2SAMLBearerAssertion flow with the Destination service APIs.
A. Using the default Destination Service trust
That’s the scenario covered in my original post: OAuth2SAMLBearerAssertion Flow with the SAP BTP Destination Service. SuccessFactors.
Leveraging the default Destination Service trust simplifies the implementation of the entire OAuth2SAMLBearerAssertion flow, making it work almost out of the box.
However, there is one caveat: the trust (= the public X.509 certificate) has to be downloaded manually from the Destination Service GUI on the SAP BTP side.
Let’s see what it takes to use a custom X.509 certificate, and whether avoiding the small inconvenience above is worth the effort below.
B. Using the SuccessFactors generated X.509 key pair
Indeed, the Destination Service certificate APIs allow you to manage your own keystores with certificates and to assign them to destinations programmatically.
Let’s see how this can be done with a custom trust (certificate) generated by SFSF.
a. Steps on the SFSF tenant side: Go to Admin