I have got the SuccessFactors ODATA and SFAPI connection working using the offline SAML Generation method but I wanted to use the recommended SAML assertion via Azure.

I'm also following the SAP KBA 3301583 SAP SuccessFactors SAML Assertion format demonstration using MS Azure

I've got down to the testing. I can generate the JWT Token and generate a SAML assertion from MS Azure but on the third step I am stuck on the Test C Exchange token by the SAML assertion in HXM Suite.

Why do you think I am getting this error ? Unable to verify the signature of the SAML assertion. Please ensure that the assertion has a signature and the key pairs match the client ID

I am also wondering about that SAP KBA and the X509 - I am using the SuccessFactors Manage OAuth2 Client Application page - in the KBA they do not explain what to do with it - are you meant to just generate this or paste in something from Azure or do you even need the X509? If so what do you do with it.

Anyway my failed call with that error is as follows (although I am using POSTMAN do to the calls).

POST https://api68sales.successfactors.com/oauth/token

header Content-Type: application/x-www-form-urlencoded

with a body text of;

company_id=abc*************&client_id=NjZkNjM0MGExMD******************* &grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer &assertion=PEFzc2VydGlvbiBJRD0iXzE0***********************

This is the company_id & client_id from the SAP SuccessFactors Admin Centre page "Manage OAuth2 Client Application"

company_id: The company ID as seen in that SAP SuccessFactors page

client_id: The API key as seen in that SAP SuccessFactors page.

grant_type: Set to "urn:ietf:params:oauth:grant-type:saml2-bearer".

assertion: Enter the Base64-encoded assertion obtained from Generating a SAML Assertion - see Step B in that KBA