2144698 - SSO: Why does my URL Generation fail when completing SSO URL Generator for DES/3DES? - Platform

SAP Knowledge Base Article - Public

2144698 - SSO: Why does my URL Generation fail when completing SSO URL Generator for DES/3DES? - Platform

Symptom

Why does my URL Generation fail when completing SSO URL Generator for DES/3DES?

Problem

Why does my URL Generation fail when completing SSO URL Generator for DES/3DES?

Environment

  • Platform

Resolution

DES and 3DES each have two options for Transformation. If the incorrect one is selected compared to the setting in provisioning then the URL generated will fail to access. You must access the provisioning site of the instance and review the DES/3DES drop-down to determine if “DESede/CBC/PKCS5Padding” or “DESede/ECB/PKCS5Padding”

 

You would then use this respective value in the transformation section of the example below.

 

SSO URL Generator : (Example: -u <username> -p <password> -tk <token> -key <secretkey> -expire(optional) <expire> -url <urlprefix> -transformation <3des transformation> )

 

DES

 

ECB Transformation specified will give an ECB login

 

-u janedoe -p janedoe -tk 58742695843284 -key PdTzZyLnOgF73cDJ491nQrTs –url https://performancemanager4.successfactors.com/login? -transformation DESede/ECB/PKCS5Padding

 

Generates: http://localhost:8080/login?tklogin_key=&tklogin_key=58742695843284&company=XXXX&username=LqWhAGhcUHc%3D&password=LqWhAGhcUHc%3D&expire=h%2FUxi3IfgWDYxXzAjrxINUJ556ITdrT7(http://localhost:8080/login?tklogin_key=&tklogin_key=58742695843284&company=XXXX&username=LqWhAGhcUHc%3D&password=LqWhAGhcUHc%3D&expire=h%2FUxi3IfgWDYxXzAjrxINUJ556ITdrT7)

CBC Transformation needs to be specified to get a CBC login

 

-u janedoe -p janedoe -tk 58742695843284 -key PdTzZyLnOgF73cDJ491nQrTs –url https://performancemanager4.successfactors.com/login? -transformation DESede/BCB/PKCS5Padding

 

Generates: http://localhost:8080/login?tklogin_key=&tklogin_key=58742695843284&company=XXXX&username=null&password=null&expire=null (http://localhost:8080/login?tklogin_key=&tklogin_key=58742695843284&company=XXXX&username=null&password=null&expire=null)

 

3DES

 

ECB Transformation specified will give an ECB login

 

-u janedoe -p janedoe -tk 58742695843284 -key PdTzZyLnOgF73cDJ491nQrTs –url https://performancemanager4.successfactors.com/login? -transformation DESede/ECB/PKCS5Padding

Generates: http://localhost:8080/login?tklogin_key=&tklogin_key=58742695843284&company=XXXX&username=LqWhAGhcUHc%3D&password=LqWhAGhcUHc%3D&expire=h%2FUxi3IfgWDBzhjp%2BYNeQZjQu218ux4O(http://localhost:8080/login?tklogin_key=&tklogin_key=58742695843284&company=XXXX&username=LqWhAGhcUHc%3D&password=LqWhAGhcUHc%3D&expire=h%2FUxi3IfgWDBzhjp%2BYNeQZjQu218ux4O)

CBC Transformation needs to be specified to get a CBC login

 

-u janedoe -p janedoe -tk 58742695843284 -key PdTzZyLnOgF73cDJ491nQrTs –url https://performancemanager4.successfactors.com/login? -transformation DESede/BCB/PKCS5Padding

 

Generates: http://localhost:8080/login?tklogin_key=&tklogin_key=58742695843284&company=crocs&username=null&password=null&expire=null (http://localhost:8080/login?tklogin_key=&tklogin_key=58742695843284&company=crocs&username=null&password=null&expire=null)

 

NOTES

The Token and Key need to be gathered from the client.

(Key can be located in Provisioning by completed by right-clicking and option for View Source, then searching for: name=fbcomdet_comdet3des_key value=

Should then return: name=fbcomdet_comdet3des_key value="PdTzZyLnOgF73cDJ491nQrTs"

Keywords

KBA , LOD-SF-PLT , Foundational Capabilities & Tools , How To

Product

SAP SuccessFactors HCM Core all versions