SAP Knowledge Base Article - Public

2144751 - SSO: SuccessFactors Requires an x509 Certificate when configuring SAML SSO Installations - Plaform


Customers must provide a valid x509 Certificate when setting up SAML SSO (


  • Platform


According to the SAML2.0 specification, the SAML2.0 Login Response and/or the Assertion should be signed by digital certificates. In order for SuccessFactors to verify a SAML Login Response, the X509 certificate is required from the customer. The same X509 certificate will be used to verify the signed inbound SAML2.0 Logout Response message.


Our screen in provisioning will only accept a basic txt file with

 "-----BEGIN CERTIFICATE-----" [certificate detail] "-----END CERTIFICATE-----"


SuccessFactors will accept the X509 certificate in PEM or .txt format We can also extract the certificate if the customer provides their metadata.xml file.


KBA , LOD-SF-PLT , Foundational Capabilities & Tools , How To


SAP SuccessFactors HCM Core all versions