This post was originally published on this site
SuccessFactors consultants and developers are often using the /oauth/idp endpoint the generate the assertion and consequently use the assertion in an additional request to obtain an access token.
This endpoint is now deprecated and will be removed in the near future. It’s good to point out that although Postman supports many flavours of OAuth, it does not support the OAuth 2.0 SAML bearer assertion flow that is used by SAP SuccessFactors HXM Suite.
Let’s look at some alternatives:
Use basic authentication should not even be considered as an option Use an offline assertion generator cumbersome to switch between instances/identities Swap out Postman for to a different API testing tool, like Insomnia for which there exists a plugin developed by Eder Torres de Souza might a big ask to step away from a tool that is already familiar for many
I decided to find and eventually develop a solution that could work for Postman and in general help me to manage the required SAML assertion keys.
Let me introduce you to ‘sf-oauth‘
It’s a cross-platform cli utility featuring:
Generate a new key pair Check certificate validity Generate assertion
