SAP Knowledge Base Article - Public

2707915 - Non-SSO instances - Enforce POST Login - BizX Platform

Symptom

Customers can no longer access their instance in the same way as before. This is because the GET login method has been retired.

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

Environment

SuccessFactors BizX Platform

Cause

Some customers in non-SSO instances have built their usernames and passwords into their login URLs and then bookmarked them so that they could access SuccessFactors with a single click.

Example:

https://performancemanager.successfactors.com/login?company=XXXXXX&username=YYYYYY&password=ZZZZZZ

This type of URL invokes the GET login method, which is insecure because the username and password are built into the URL itself.

Resolution

As of the 1811 Release, we will retire the non-SSO GET method for SuccessFactors login and enforce the POST login method to protect customers' sensitive data.

Customers who still use the GET login method, with the username and password embedded in the login URL, will be redirected to the login page with an error message. Users have to enter their username and password manually for a successful login.

Why is it important?

GET login is not secure and puts customers' sensitive data at risk. The POST login method is more secure and protects customers' sensitive data.

Prerequisites

If customers used the GET login method for system integration with non-SSO instances, they should change the integration from GET to POST accordingly to avoid the login page redirection.
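To locate bookmarks or integration settings that still embed credentials in the login URL, the following added example (not SAP code, and not part of the original KBA) scans text such as an exported bookmark file or a configuration file and reports each match with the credential values redacted. The function name, the `/login` path check and the sample lines are assumptions built from the example URL shown above.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Query parameters that carry credentials in the KBA's example login URL.
SENSITIVE = {"username", "password"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def find_get_logins(text):
    """Return (line_no, redacted_url, exposed_params) for each URL whose
    path ends in /login and whose query string carries a password."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for raw in URL_RE.findall(line):
            parts = urlsplit(raw)
            if not parts.path.rstrip("/").endswith("/login"):
                continue
            pairs = parse_qsl(parts.query, keep_blank_values=True)
            exposed = sorted({k.lower() for k, _ in pairs if k.lower() in SENSITIVE})
            if "password" not in exposed:
                continue  # a company-only login link carries no secret
            # Redact values so the report itself does not leak credentials.
            safe = [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
            redacted = urlunsplit(parts._replace(query=urlencode(safe)))
            findings.append((line_no, redacted, exposed))
    return findings


# Constructed sample input: a bookmark export line, an integration setting
# with mixed-case parameter names, and a login link without credentials.
SAMPLE = """\
<A HREF="https://performancemanager.successfactors.com/login?company=XXXXXX&username=YYYYYY&password=ZZZZZZ">HR</A>
login_url = "https://performancemanager.successfactors.com/login?company=ACME&Username=svc_int&Password=s3cr3t%21"
https://performancemanager.successfactors.com/login?company=XXXXXX
"""

if __name__ == "__main__":
    for line_no, url, exposed in find_get_logins(SAMPLE):
        print(f"line {line_no}: {url} exposes {', '.join(exposed)}")
```

Any password found this way has already been stored in clear text in the bookmark or configuration file, so it should be changed once the login is moved to the POST method.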

Keywords

Retire GET method, Enforce POST, Non-SSO login, KBA, LOD-SF-PLT, Foundational Capabilities & Tools, LOD-SF-PLT-LPG, Log In Page Issues (Non SSO), Product Enhancement

Product

SAP SuccessFactors HCM Suite all versions