Cookbook Integration of SuccessFactors Business Execution into SAP NetWeaver Portal via Single Sign-On

Target Audience _> System Administrators

CUSTOMER _>¤çGc ƒq«È~® ˆªà°Ø,rtë¡F–UdeyÎ

Document History

CAUTION Before you start the implementation, make sure you have the latest version of this document. For the latest version, see: http://service.sap.com/hcm Media Library – SuccessFactors Integration

The following table provides an overview of the most important document changes:

Version Date Description 1.00 2012-06-29 First released version 1.10 2012-07-06 ´ Note on SAP NetWeaver Portal version added to section Integrating SuccessFactors BizX in SAP NetWeaver Porta [page 19]l ´ List of deep links added to section Using Deep Links for SuccessFactors BizX [page 20] 1.20 2013-04-24 Sections added: ´ Configuring User Mapping [page 11] ´ Configuring SAP NetWeaver Portal 7.0x [page 12] ´ Enabling Authentication with Logon Tickets in the Identity Provider [page 13] ´ Tools for Troubleshooting [page 23] Sections updated: ´ Information about identity provider solution added to section Introduction [page 5] ´ Information about identical users in SAP NetWeaver Portal and SuccessFactors BizX removed from section Prerequisites [page 7] ´ Navigation specified in more detail in section Adding a Trusted Provider [page 10] ´ Information about option By Uploading Certificate Manually added to section Setting Up a Trusted System for SAP NetWeaver Portal 7.0x [page 12] ´ Section Collecting Additional Information [page 15] renamed ´ Information about use of downloaded certificate added to section Downloading a Certificate [page 15] ´ Information about use of logon URL corrected in section Identifying a Global Logon URL [page 15] ´ Information about testing added to section Creating a URL iView in SAP NetWeaver Portal [page 19] ´ Links added to section Using Deep Links for SuccessFactors BizX [page 20]

2/28 CUSTOMER 2013-04-24

Table of Contents

Chapter 1 Introduction ...... 5

Chapter 2 Prerequisites ...... 7

Chapter 3 Configuring Security Assertion Markup Language (SAML) 2.0 in SAP NetWeaver Portal ...... 9 3.1 Setting Up SAML 2.0 ...... 9 3.2 Adding a Trusted Provider ...... 10 3.3 Configuring User Mapping ...... 11 3.4 Configuring SAP NetWeaver Portal 7.0x ...... 12 3.4.1 Setting Up a Trusted System for SAP NetWeaver Portal 7.0x ...... 12 3.4.2 Enabling Authentication with Logon Tickets in the Identity Provider ...... 13

Chapter 4 Collecting Additional Information ...... 15 4.1 Downloading a Certificate ...... 15 4.2 Identifying a Provider Name ...... 15 4.3 Identifying a Global Logon URL ...... 15

Chapter 5 Configuring the SuccessFactors Provisioning Tool ...... 17 5.1 Adding a New SAML Asserting Party ...... 17 5.2 Activating the Integration ...... 17

Chapter 6 Integrating SuccessFactors BizX in SAP NetWeaver Portal ...... 19 6.1 Creating a URL iView in SAP NetWeaver Portal ...... 19 6.2 Using Deep Links for SuccessFactors BizX ...... 20

Chapter 7 Tools for Troubleshooting ...... 23

2013-04-24 CUSTOMER 3/28 This page is left blank for documents that are printed on both sides. 1 Introduction

1 Introduction

This document describes the steps necessary to establish a Single Sign-On connection between SAP NetWeaver Portal and Talent Management applications of SuccessFactors. For example, the user can use Single Sign-On to call SuccessFactors’ Compensation Management application from SAP NetWeaver Portal directly without having to log on again. For this, you need to make settings for SAP NetWeaver Portal and for SuccessFactors. Ensure that you have access to the required tools and have the necessary authorizations to make the settings. For more information, see the Prerequisites [page 7] section.

NOTE You can use any identity provider solution. The settings described in this document, however, are based on the assumption that you use SAP NetWeaver Portal as the identity provider for on- premise.

2013-04-24 CUSTOMER 5/28 This page is left blank for documents that are printed on both sides. 2 Prerequisites

2 Prerequisites

Information and Data Required From SuccessFactors Business Execution (SuccessFactors BizX) You need to obtain the following information about your SuccessFactors BizX system from your contact person at SuccessFactors: éë Digital certificate in the X.509 standard format éë SuccessFactors entity ID éë Consumer Service URL éë Optional global logout response handler URL éë Relay state (relative path of the application to which the incoming Security Assertion Markup Language (SAML) assertion should be redirected) éë Access to SuccessFactors Provisioning tool NOTE If you do not have access to the SuccessFactors Provisioning tool, ask your SuccessFactors contact person to make the necessary settings. For more information, see the Single Sign-On – Technical Specifications document provided by SuccessFactors.

General Requirements éë You need to have the authorization to make changes for your SAP NetWeaver Portal in SAP NetWeaver Administrator. NOTE To start SAP NetWeaver Administrator, enter the following address in a browser: http://:/nwa éë You need to have the authorization to make changes in the Content Administration area of your SAP NetWeaver Portal.

2013-04-24 CUSTOMER 7/28 This page is left blank for documents that are printed on both sides. 3 Configuring Security Assertion Markup Language (SAML) 2.0 in SAP NetWeaver Portal 3.1 Setting Up SAML 2.0 3 Configuring Security Assertion Markup Language (SAML) 2.0 in SAP NetWeaver Portal

You need SAP NetWeaver Identity Management to perform the steps described in this section. As this is only available as of Release 7.3x, you need to perform these steps in a SAP NetWeaver Application Server system landscape with Release 7.3x or higher. If you want to use SAP NetWeaver Application Server 7.3 as an SAML 2.0 identity provider, you also require the IDMFEDERATION software component, which is delivered with SAP NetWeaver Identity Management and SAP NetWeaver Single Sign-On. Your SAP NetWeaver Portal, however, can have a lower version. You can integrate it into the system landscape as a trusted system (see section Setting Up a Trusted System for SAP NetWeaver Portal 7.0x [page 12]).

3.1 Setting Up SAML 2.0 Procedure 1. Start SAP NetWeaver Administrator and choose Configuration Security Authentication and Single Sign- On . 2. Choose the SAML 2.0 tab. If you get the message that the system is not configured to support SAML 2.0, you need to enable SAML 2.0 or configure a new provider. To do this, proceed as follows: 1. Choose Enable SAML 2.0 Support. 2. Enter the following data: á> Provider Name: Specify a user-defined name, for example, SAPPortal731. á> Operational Mode: Select Identity Provider. 3. Choose Next. 4. Make the following settings for Signing Key Pair: 1. Choose Browse Create . 2. Enter the following data: á> Entity Name: Specify the name of the entity, for example, SAPPortal731. á> Store Certificates: Select this indicator. 3. Choose Next. 4. In the Common Name field, specify a name, for example, SAPPortal731. 5. Choose Finish OK .

2013-04-24 CUSTOMER 9/28 3 Configuring Security Assertion Markup Language (SAML) 2.0 in SAP NetWeaver Portal 3.2 Adding a Trusted Provider

5. Choose Next Finish . For more information about setting up SAML 2.0, see the Implementation Guide for SAP NetWeaver Identity Management Identity Provider. This guide is located in SAP Service Marketplace at http:// service.sap.com/instguides SAP NetWeaver SAP NetWeaver Single Sign-On Identity Provider . In particular, refer to section 3.1 of this guide.

3.2 Adding a Trusted Provider Procedure

Navigating to the Trusted Provider Section 1. Start SAP NetWeaver Administrator and choose Configuration Security Authentication and Single Sign- On . 2. Choose the SAML 2.0 tab. 3. Choose Trusted Providers.

Adding a Trusted Provider Add an entry to the list of trusted providers. To do this, proceed as follows: 1. Choose Add Manually . 2. In the Name field, enter the entity ID provided by SuccessFactors, for example, https:// www.sucessfactors.com. 3. Choose Next. 4. Select the signing certificate, for example, SAPPortal731-cert. To do this, proceed as follows: 1. Choose Browse. 2. Choose Import Entry. 3. Select the type X.509 Certificate and browse for the digital certificate provided by SuccessFactors BizX (see Prerequisites [page 7] section). 4. Choose Import. 5. Select the imported certificate and choose OK. 5. Repeat this procedure to select the same certificate as the encryption certificate. 6. Choose Next. 7. Add an assertion consumer service. To do this, proceed as follows: 1. Enter the following data: ‹^ Binding: Choose HTTP POST. ‹^ Location URL: Specify the Consumer Service URL provided by SuccessFactors, for example, https://systemname.com/saml2/SAMLAssertionConsumer?company=ACE1234. 2. Choose OK. 8. Choose Next.

10/28 CUSTOMER 2013-04-24 3 Configuring Security Assertion Markup Language (SAML) 2.0 in SAP NetWeaver Portal 3.3 Configuring User Mapping

9. Optionally, add a single log-out service. To do this, proceed as follows: 1. Enter the following data: ÿÑ Binding: Choose HTTP Redirect. ÿÑ Location URL: Specify the optional global logout response handler URL provided by SuccessFactors, for example, https://systemname.com/saml2/ LogoutServiceHTTPRedirectResponse?company=ACE1234. 2. Choose OK. 10. Choose Next Finish .

Adding a Supported Name ID Format Add an entry to the list of supported name ID formats for the trusted provider you have added. To do this, proceed as follows: 1. Select the trusted provider (for example, https://www.sucessfactors.com) and choose the Identity Federation tab. 2. Choose Add. 3. Enter the following data: ÿÑ Format Name: Choose Unspecified. ÿÑ Source Name: Choose Logon ID. 4. Choose OK.

Activating the Trusted Provider Save and activate the trusted provider you have added. To do this, proceed as follows: 1. Select the trusted provider (for example, https://www.sucessfactors.com) and choose Save. 2. Choose Enable.

3.3 Configuring User Mapping If the users in SAP NetWeaver Portal and SuccessFactors BizX are not identical, you can configure a user mapping in the identity provider.

NOTE The SuccessFactors BizX user ID has to be available as a user attribute in the User Management Engine (UME) of the identity provider.

Procedure 1. Start SAP NetWeaver Administrator and choose Configuration Security Authentication and Single Sign- On . 2. Choose the SAML 2.0 tab. 3. Choose Trusted Providers.

2013-04-24 CUSTOMER 11/28 3 Configuring Security Assertion Markup Language (SAML) 2.0 in SAP NetWeaver Portal 3.4 Configuring SAP NetWeaver Portal 7.0x

4. Select the trusted provider you have added for SuccessFactors BizX (see Adding a Trusted Provider [page 10]) and choose the Identity Federation tab. 5. Select the source User Attribute and add the attribute sfuserid.

3.4 Configuring SAP NetWeaver Portal 7.0x You only need to perform the steps described in this section if your version of SAP NetWeaver Portal is lower than Release 7.3x. In this case, the identity provider cannot be deployed on the SAP NetWeaver Portal system. Instead, a SAP NetWeaver Application Server system landscape with Release 7.3x or higher is used. The users will therefore first verify their credentials in the SAP NetWeaver Portal 7.0x system and then navigate to the identity provider to get an SAML 2.0 assertion to access the SuccessFactors BizX system. To establish single sign-on between SAP NetWeaver Portal 7.0x and the identity provider, you can use the logon ticket that SAP NetWeaver Portal 7.0x issues as standard. This cookie is returned as a domain cookie with the name MYSAPSSO2.

NOTE Both systems, SAP NetWeaver Portal 7.0x and the SAP NetWeaver Application Server 7.3x, have to be in the same domain so that the cookie can be sent to the identity provider.

3.4.1 Setting Up a Trusted System for SAP NetWeaver Portal 7.0x Procedure 1. Start SAP NetWeaver Administrator and choose Configuration Security Trusted System . 2. On the Single Sign-On with SAP Logon Tickets tab, choose Add Trusted System By Querying Trusted System . NOTE If you have exported the certificate, you can also use the option By Uploading Certificate Manually. 3. In the dialog box displayed by SAP NetWeaver Administrator, choose Cancel. 4. Enter the following data: z Type: Select Java. z Scheme: Select HTTPS. z Host Name: Specify your SAP NetWeaver 7.0x Portal, for example, vmw4906.wdf.sap.corp. z Port: Specify the port, for example, 50001. z User: Specify your SAP user ID. z Password: Enter your password.

12/28 CUSTOMER 2013-04-24 3 Configuring Security Assertion Markup Language (SAML) 2.0 in SAP NetWeaver Portal 3.4 Configuring SAP NetWeaver Portal 7.0x

5. Choose Next Finish .

3.4.2 Enabling Authentication with Logon Tickets in the Identity Provider As the standard option, the identity provider accepts authentication with the user name and password. To enable authentication using logon tickets, proceed as follows:

Procedure 1. Start SAP NetWeaver Administrator and choose Configuration Security Authentication and Single Sign- On . 2. Choose the SAML 2.0 tab. 3. Choose Local Provider. 4. Choose Edit. 5. In the Supported Authentication Contexts screen area, select the entry SAP Logon Ticket. 6. Choose Copy to Default HTTPS Authentication Contexts . 7. Save your changes.

Result The entry SAP Logon Ticket is added to the list of default HTTPS authentication contexts.

2013-04-24 CUSTOMER 13/28 This page is left blank for documents that are printed on both sides. 4 Collecting Additional Information 4.1 Downloading a Certificate 4 Collecting Additional Information

4.1 Downloading a Certificate Procedure 1. Start SAP NetWeaver Administrator and choose Configuration Security Certificates and Keys . 2. On the Key Storage tab, under Content, select the entry SAML 2.0. 3. On the View Entries tab, select the entry SAPPortal731-cert and choose Export Entry. 4. Select the export format Base64 X.509 and choose Download. 5. Store the certficate. 6. Change the file format ending of the stored certificate into .txt. 7. Open the TXT file to check it, then close it again so that you have it available when you configure the SuccessFactors Provisioning tool.

4.2 Identifying a Provider Name Procedure 1. Start SAP NetWeaver Administrator and choose Configuration Security Authentication and Single Sign- On . 2. Choose the SAML 2.0 tab. 3. Copy the entry displayed in the Provider Name field, for example, SAPPortal731. 4. Store the provider name in a suitable document so that you have it available when you configure the SuccessFactors Provisioning tool.

4.3 Identifying a Global Logon URL Procedure 1. Start SAP NetWeaver Administrator and choose Configuration Security Authentication and Single Sign- On . 2. Choose the SAML 2.0 tab. 3. Choose the Identity Provider Settings tab. 4. Under Single Log-Out Service (SLO), copy the entry displayed in the Endpoint URL field, for example, https://vmw4951.wdf.sap.corp:5001/saml2/idp/slo. 5. Store the URL in a suitable document so that you have it available when you create an iView in SAP NetWeaver Portal.

2013-04-24 CUSTOMER 15/28 This page is left blank for documents that are printed on both sides. 5 Configuring the SuccessFactors Provisioning Tool 5.1 Adding a New SAML Asserting Party 5 Configuring the SuccessFactors Provisioning Tool

5.1 Adding a New SAML Asserting Party Procedure 1. Start the SuccessFactors Provisioning tool and select your company. 2. Choose Single Sign-On (SSO) Settings. 3. Under For SAML based SSO, select SAML v2 SSO. The SAML Asserting Parties(IdP) section is displayed. 4. Enter the following data: ’" SAML Asserting Party Name: Enter a unique identifier, for example, ACE1234. ’" SAML Issuer: Specify the provider name you have identified (see Identifying a Provider Name [page 15]), for example, SAPPortal731. ’" Relaying Party Description: Enter Localhost. ’" Require Assertion Signature: Choose Yes. ’" Enable SAML Flag: Choose Enabled. ’" SAML Verifying Certificate: Paste the SAP certificate you have downloaded (see Downloading a Certificate [page 15]) and add the following information: ’" Above the pasted text: -----BEGIN CERTIFICATE----- ’" Below the pasted text: -----END CERTIFICATE----- ’" At the beginning of the SAML Asserting Parties(IdP) section, choose Add an asserting party.

Result The SAML asserting party you have added is available in the dropdown list at the beginning of the SAML Asserting Parties(IdP) section.

5.2 Activating the Integration Procedure 1. Start the SuccessFactors Provisioning tool and select your company. 2. Choose Single Sign-On (SSO) Settings. 3. Under Single Sign On Features, enter a user-defined token in the Reset Token field, for example, 123. 4. Choose Save Token.

2013-04-24 CUSTOMER 17/28 5 Configuring the SuccessFactors Provisioning Tool 5.2 Activating the Integration

NOTE To disable single sign-on, leave the Reset Token field empty and choose Save Token.

18/28 CUSTOMER 2013-04-24 6 Integrating SuccessFactors BizX in SAP NetWeaver Portal 6.1 Creating a URL iView in SAP NetWeaver Portal 6 Integrating SuccessFactors BizX in SAP NetWeaver Portal

Perform the steps described in this section in the SAP NetWeaver Portal that you use to edit your portal roles. The portal can be version 7.0x or above.

6.1 Creating a URL iView in SAP NetWeaver Portal Procedure

Creating an iView 1. Go to the Content Administration area of your SAP NetWeaver Portal. 2. Create a URL iView and enter the following data for it: ®% URL: Specify your SAP NetWeaver Portal, for example, https://vmw4951.wdf.sap.corp: 5001, and add /saml2/idp/sso (see Identifying a Global Logon URL [page 15]). ®% saml2sp: Specify the entity ID provided by SuccessFactors, for example, https:// www.sucessfactors.com. ®% RelayState: Specify the relay state provided by SuccessFactors.

NOTE You can also create the URL manually by specifying PORTAL, ENTITY, and RELAYSTATE in the following way: https://PORTAL/saml2/idp/sso?saml2sp=ENTITY&RelayState=RELAYSTATE.

RECOMMENDATION Use a URL encoder to encode the parameters.

Testing the iView 1. Log on with a user that has accounts in SAP NetWeaver Portal and SuccessFactors BizX. 2. Navigate to the iView. 3. Check, for example, the following: ®% Can you change the iView options? ®% Can you open SuccessFactors BizX in a new browser window?

2013-04-24 CUSTOMER 19/28 6 Integrating SuccessFactors BizX in SAP NetWeaver Portal 6.2 Using Deep Links for SuccessFactors BizX

6.2 Using Deep Links for SuccessFactors BizX If you create the URL as described in the section Creating a URL iView in SAP NetWeaver Portal [page 19], it is possible that the user will be directed to the home page of SuccessFactors BizX. You can use deep links instead so that the user is directed to the required area.

Procedure 1. Create the URL as described in the Creating a URL iView in SAP NetWeaver Portal section. 2. For the RelayState parameter, specify the base URL provided by SuccessFactors, for example:  To redirect the user to the Compensation Forms area, specifiy RelayState=/sf/compforms.  To redirect the user to the Succession Org Chart area, specifiy RelayState=/sf/smorgchart.

More Information The following table shows a list of existing deep links to SuccessFactors applications.

Base URL (SAML) Description Parameters Example (SAML) /sf/pmreviews/ Takes the user to the Performance N/A RelayState=/sf/ tab to see all Performance pmreviews Management review forms. /sf/processforms/ Takes the user to the Process tab N/A RelayState=sf/ to see all process forms. processforms /sf/goals/ Takes the user to the Objectives tab N/A RelayState=/sf/goals to see all goals. /sf/liveprofile/ Takes the user to the Public selecteduser (optional) RelayState=/sf/ Profile page in the employee files. = user system ID liveprofile or RelayState=/sf/ NOTE liveprofile? Use this link only in V11. selecteduser=lhadley1 /sf/scorecard/ Takes the user to the Scorecard N/A RelayState=sf/ page in the employee files. scorecard

NOTE Use this link only in V11. /sf/smorgchart/ Takes the user to the Succession Org N/A RelayState=sf/ Chart. smorgchart /sf/express/ Takes the user to PE Express. N/A RelayState=/sf/express /sf/recruiting Takes the user to the Recruiting N/A RelayState=/sf/ landing page. recruiting /sf/recruiting/ Takes the user to the Events page. N/A RelayState=/sf/ events recruiting/events /sf/recruiting/ Takes the user to the Job N/A RelayState=/sf/ jobreqsummary Requisitions Summary. recruiting/ jobreqsummary /sf/recruiting/ Takes the user to the Sources page. N/A RelayState= sources

20/28 CUSTOMER 2013-04-24 6 Integrating SuccessFactors BizX in SAP NetWeaver Portal 6.2 Using Deep Links for SuccessFactors BizX

Base URL (SAML) Description Parameters Example (SAML) /sf/recruiting/ Takes the user to the Preferences N/A RelayState=/sf/ preferences page. recruiting/preferences /sf/recruiting/ Takes the user to the Candidates N/A RelayState=/sf/ candidates page. recruiting/candidates /sf/recruiting/ Takes the user to the Interview N/A RelayState=/sf/ interviewcentral Central page. recruiting/ interviewcentral /sf/recruiting/ Takes the user to the Help. N/A RelayState=/sf/ recruitinghelp recruiting/ recruitinghelp /sf/careers Takes the user to the Careers N/A RelayState=/sf/careers landing page. /sf/careers/ Takes the user to the Job N/A RelayState=/sf/ jobapplications Applications page. careers/ jobapplications /sf/careers/ Takes the user to the Job Search N/A RelayState=/sf/ jobsearch page. careers/jobsearch /sf/careers/ Takes the user to the Job Alerts N/A RelayState=/sf/ jobalerts page. careers/jobalerts /sf/careers/ Takes the user to the Saved Jobs N/A RelayState=/sf/ savedjobs page. careers/savedjobs /sf/careers/ Takes the user to My Candidate N/A RelayState=/sf/ mycandprofile Profile. careers/mycandprofile /sf/careers/ Takes the user to the Saved N/A RelayState=/sf/ savedapplications Applications page. careers/ savedapplications /sf/recruiting/ Takes the user to Recruiting N/A RelayState=/sf/ jobreqsummary/new Job Requisitions Create New . recruiting/ jobreqsummary/new /sf/recruiting/ Takes the user to Recruiting N/A RelayState=/sf/ jobreqsummary/ Job Requisitions Reports . recruiting/ reports jobreqsummary/reports /sf/recruiting/ Takes the user to Recruiting N/A RelayState=/sf/ jobreqsummary/ Job Requisitions Offer recruiting/ offerapprovals Approvals . jobreqsummary/ offerapprovals /sf/recruiting/ Takes the user to Recruiting N/A RelayState=/sf/ events/new Events Create New . recruiting/events/new /sf/recruiting/ Takes the user to Recruiting N/A RelayState=/sf/ events/reports Events Reports . recruiting/events/ reports /sf/recruiting/ Takes the user to Recruiting N/A RelayState=/sf/ events/ Events Offer Approvals . recruiting/events/ offerapprovals offerapprovals

2013-04-24 CUSTOMER 21/28 6 Integrating SuccessFactors BizX in SAP NetWeaver Portal 6.2 Using Deep Links for SuccessFactors BizX

Base URL (SAML) Description Parameters Example (SAML) /sf/recruiting/ Takes the user to Recruiting N/A RelayState=/sf/ preferences/ Preferences My Saved recruiting/ mysavedques Questions . preferences/ mysavedques /sf/recruiting/ Takes the user to Recruiting N/A RelayState=/sf/ preferences/ Preferences My Recruiting Team recruiting/ myrecteam Preferences . preferences/myrecteam /sf/recruiting/ Takes the user to Recruiting N/A RelayState=/sf/ preferences/ Preferences My Saved Rating recruiting/ mysavedratings Scales . preferences/ mysavedratings /sf/recruiting/ Takes the user to Recruiting N/A RelayState=/sf/ candidates/search Candidates Search . recruiting/candidates/ search /sf/recruiting/ Takes the user to Recruiting N/A RelayState=/sf/ candidates/ Candidates Saved Search . recruiting/candidates/ savedsearches savedsearches /sf/recruiting/ Takes the user to Recruiting N/A RelayState=/sf/ interviewcentral/ Interview Central Opened . recruiting/ open interviewcentral/open /sf/careers/ Takes the user to Careers N/A RelayState=/sf/ empreferrals Employee Referrals . careers/empreferrals /sf/careers/ Takes the user to Careers N/A RelayState=/sf/ rmkempreferrals RMK Employee Referrals . careers/ rmkempreferrals /sf/recruiting/ Takes the user to Recruiting = job requisition RelayState=/sf/ jobreqsummary? Job Requisitions specifying the ID recruiting/ reqid= job requisition ID. jobreqsummary? reqid=2361 /sf/recruiting/ Takes the user to Recruiting = event ID RelayState=/sf/ events? Events specifying the event recruiting/events? eventid= ID. eventid=7342 /sf/careers/ Takes the user to Careers Job = job requisition RelayState=/sf/ jobsearch? Search specifying the job ID careers/jobsearch? reqid= requisition ID. reqid=2361

NOTE The URL-based link to the integrated SuccessFactors/Cubetree environment is established with the referer value (for example, &refer=http://www.cubetree.com/c/AZQuartzTest.com/auth/ status). This logs you into Cubetree directly without first displaying the SuccessFactors home page.

22/28 CUSTOMER 2013-04-24 7 Tools for Troubleshooting

7 Tools for Troubleshooting

You can use the following tools:

Security Troubleshooting Wizard in SAP NetWeaver Application Server Java 7.3 For more information, see SAP Note 1332726.

Web Diagnostic Tool in SAP NetWeaver Portal 7.0x For more information, see SAP Note 1045019.

SSO Log Viewer in the SuccessFactors Provisioning Tool The SSO Log Viewer lists failed single sign-on attempts. The link to the SSO Log Viewer is in the Provisioning Tool, at the end of the Single Sign-On (SSO) Settings page.

2013-04-24 CUSTOMER 23/28

Typographic Conventions

Example Description Angle brackets indicate that you replace these words or characters with appropriate entries to make entries in the system, for example, “Enter your ”. Example Arrows separating the parts of a navigation path, for example, menu options Example Example Emphasized words or expressions Example Words or characters that you enter in the system exactly as they appear in the documentation http://www.sap.com Textual cross-references to an internet address /example Quicklinks added to the internet address of a homepage to enable quick access to specific content on the Web 123456 Hyperlink to an SAP Note, for example, SAP Note 123456 Example Ê¥ Words or characters quoted from the screen. These include field labels, screen titles, pushbutton labels, menu names, and menu options. Ê¥ Cross-references to other documentation or published works Example Ê¥ Output on the screen following a user action, for example, messages Ê¥ Source code or syntax quoted directly from a program Ê¥ File and directory names and their paths, names of variables and parameters, and names of installation, upgrade, and database tools EXAMPLE Technical names of system objects. These include report names, program names, transaction codes, database table names, and key concepts of a programming language when they are surrounded by body text, for example, SELECT and INCLUDE EXAMPLE Keys on the keyboard

24/28 CUSTOMER 2013-04-24 SAP AG Dietmar-Hopp-Allee 16 69190 Walldorf Germany T +49/18 05/34 34 34 F +49/18 05/34 34 20 www.sap.com

© Copyright 2013 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. , Windows, Excel, Outlook, PowerPoint, Silverlight, and Visual Studio are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, z10, z/VM, z/ OS, OS/390, zEnterprise, PowerVM, Power Architecture, Power Systems, POWER7, POWER6+, POWER6, POWER, PowerHA, pureScale, PowerPC, BladeCenter, System Storage, Storwize, XIV, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, AIX, Intelligent Miner, WebSphere, Tivoli, Informix, and Smarter Planet are trademarks or registered trademarks of IBM Corporation. Linux is the registered trademark of Linus Torvalds in the United States and other countries. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are trademarks or registered trademarks of Adobe Systems Incorporated in the United States and other countries. Oracle and Java are registered trademarks of Oracle and its affiliates. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems Inc. HTML, XML, XHTML, and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology. Apple, App Store, iBooks, iPad, iPhone, iPhoto, iPod, iTunes, Multi-Touch, Objective-C, Retina, Safari, Siri, and Xcode are trademarks or registered trademarks of Apple Inc. IOS is a registered trademark of Cisco Systems Inc. RIM, BlackBerry, BBM, BlackBerry Curve, BlackBerry Bold, BlackBerry Pearl, BlackBerry Torch, BlackBerry Storm, BlackBerry Storm2, BlackBerry PlayBook, and BlackBerry App World are trademarks or registered trademarks of Research in Motion Limited. Google App Engine, Google Apps, Google Checkout, Google Data API, Google Maps, Google Mobile Ads, Google Mobile Updater, Google Mobile, Google Store, Google Sync, Google Updater, Google Voice, Google Mail, Gmail, YouTube, Dalvik and Android are trademarks or registered trademarks of Google Inc. INTERMEC is a registered trademark of Intermec Technologies Corporation. Wi-Fi is a registered trademark of Wi-Fi Alliance. Bluetooth is a registered trademark of Bluetooth SIG Inc. Motorola is a registered trademark of Motorola Trademark Holdings LLC. Computop is a registered trademark of Computop Wirtschaftsinformatik GmbH. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, SAP HANA, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, , Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company. and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Sybase Inc. Sybase is an SAP company.

2013-04-24 CUSTOMER 25/28 Crossgate, m@gic EDDY, B2B 360°, and B2B 360° Services are registered trademarks of Crossgate AG in Germany and other countries. Crossgate is an SAP company. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies (“SAP Group”) for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

Disclaimer Some components of this product are based on Java™. Any code change in these components may cause unpredictable and severe malfunctions and is therefore expressly prohibited, as is any decompilation of these components. Any Java™ Source Code delivered with this product is only to be used by SAP’s Support Services and may not be modified or altered in any way.

Documentation in the SAP Service Marketplace You can find this document at the following address: http://service.sap.com/hcm

26/28 CUSTOMER 2013-04-24

SAP AG Dietmar-Hopp-Allee 16 69190 Walldorf Germany T +49/18 05/34 34 34 F +49/18 05/34 34 20 www.sap.com

© Copyright 2013 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.