SAP Knowledge Base Article - Public

2685282 - SHA-1 SSO - How it works! Building the link and making it work - BizX Platform

Symptom

Customer can't access SuccessFactors via SHA-1 SSO Login URL and wants to know how to build a working URL

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

Environment

SuccessFactors BizX Platform

Resolution

SHA-1 SSO is based on 4 unique values which are entered into the SHA-1 Hash Algorithm to return a unique value

3 of these unique values plus the generated Hash value are then used to build the SSO Login URL

To obtain the Hash value, we need the following 4 values:

  • UsernameExample: testuser
  • Expiry - You can get this from the 'Show Version Information' timestamp. Just take the current timestamp value because as long as it is in the past at the time of Login, it will work. Example: 2018-08-22T15:43:31
  • Token KeyExample: sso (can be any value chosen by the customer)
  • Secret KeyExample: secret (can be any value chosen by the customer)

Using these variables, we generate our Hash value. There are many SHA-1 Hash Generators that can be found online with a simple search.

SHA-1 Hash Generator Entry Format:

<Username><Expiry><TokenKey><SecretKey>

testuser2018-08-22T15:43:31ssosecret

Hash Value Returned: 3BA57F0159C2E89D95A9DEF26F8C3B90E1E510B6

Building the Link: (example)

https://performancemanager5.successfactors.eu/login?username=testuser&tklogin_key=sso&company=XXXXXX&expire=2018-08-22T15:43:31&callerhash=3BA57F0159C2E89D95A9DEF26F8C3B90E1E510B6

Note: The Secret Key is not part of the URL. It is used to generate the Hash Value but it is stored in Provisioning.

SHA-1 SSO.png

Keywords

SHA-1, SHA-1 SSO, SHA-1 Login URL, Building SHA-1 Login URL , KBA , LOD-SF-PLT , Foundational Capabilities & Tools , LOD-SF-PLT-SAM , SAML SSO First Time Setup , How To

Product

SAP SuccessFactors HCM Suite all versions