A truly end-to-end Single Sign On!
Putting it all together.
I divided the SAP SuccessFactors Integration with OAuth2SAMLBearerAssertion authorization flow into the following two categories, namely:
1. SAP SuccessFactors Integration with SAP BTP Destination service comprised of three instalments, namely:
2. SAP SuccessFactors without additional SAP BTP tie-in with the following instalment, namely:
Additionally, when a target resource cannot be hooked to an IdP, I may have found a way to help avoid using a system (technical) user, either with the built-in destination service definition or when a SAML bearer assertion is generated with custom code.
The approach consists of having a self-issued X.509-signed JWT token representing a system user identity, as described in the following blog post: Bring your self-made user JWT with Keycloak OIDC.