SAP SuccessFactors Integration with OAuth2SAMLBearerAssertion flow.

This authorization flow allows for propagation of a user’s identity [together with user’s authorizations] from any client application deployed anywhere all the way through to the asset management service (like SAP SuccessFactors in this instance).

A truly end to end Single Sign On!

Putting it all together.

I divided the SAP SuccessFactors Integration with OAuth2SAMLBearerAssertion authorization flow into the following four categories, namely:

Destination	Trip advisor
Latest news (25-05-2023) SAP SuccessFactors Integration using the SAP SuccessFactors extensibility service from Kyma environment.	SAP SuccessFactors extensibility easy with SAP BTP, Kyma runtime Extending SAP SuccessFactors in the Cloud Foundry and Kyma Environment \| SAP Help.
1. SAP SuccessFactors Integration with SAP BTP Destination service	with the default [destination service] trust: OAuth2SAMLBearerAssertion Flow with SAP BTP Destination Service. SAP SuccessFactors. bring your own trust: OAuth2SAMLBearerAssertion flow with SuccessFactors with Quovadis-SAP destination. Troubleshooting: How to troubleshoot SAP BTP OAuth2SAMLBearerAssertion destination with SuccessFactors?
2. SAP SuccessFactors *without* additional SAP BTP tie-in	How to generate SAML bearer assertion token for OAuth2SAMLBearerAssertion flow?
3. Additionally, when a target resource cannot be hooked to an IdP (e.g. an edge device) what might be an alternative to using a system (technical) user with either the built-in destination service definition or when a saml bearer assertion is generated with custom code?	The approach consists of having a self-issued x509-signed JWT token representing a system user identity as described in the following blog post: Bring your self-made user JWT with Keycloak OIDC.