SAP Knowledge Base Article - Public

2825398 - Token-Based SSO users not able to login


  • SSO user is not able to login on SF
  • SSO configuration is token-based (MD5-based, SHA1-based, DES/3DES-based)


SAP SuccessFactors HCM Suite

Reproducing the Issue

SSO user attempts to login on the system but is not allowed to.


Each token-based SSO user will have their own URL to login. Login URL contain different parameters, meaning that some of them might need a refresh or the URL itself has expired.

Example of parameters: username, password, tklogin_key, expire, callerharsh


Generate a new login URL for the affected user(s) and ask them to clear their browser cookies and caches before attempting to login again.

NOTE: URL generation is responsibility of the customer side.


token-based, MD5-based, SHA1-based, DES/3DES-based, username, password, tklogin_key, expire, callerharsh , KBA , LOD-SF-PLT-SEL , SSO Errors & Logs , Problem


SAP SuccessFactors HXM Suite all versions