This document describes the technical details of how the SAP integration with Xoxoday works.
STEP 1: SAP Client Registration
When an SAP client wants to integrate with us, we collect the Company Name and the Super Admin Email ID
and register the company as an SAP company (Company Account Type - 5) through the Consumer API. This registration is done manually; it is not automated yet.
After registration, a reset-password link is sent to the Super Admin Email ID.
For an SAP company (Company Account Type - 5), only a few menus are assigned to the Super Admin: SAP API, SAML Metadata, and Verify Setup (PFA). The other access roles (General Admin, Manager, User) have no menus assigned.
STEP 2: Update SAP API Parameters and SAML Metadata
The Super Admin must fill in every field under SAP API Parameters and SAML Metadata.
The SAP API parameters (PFA) are the values we need to call the SAP APIs for SAP user details, SAP points, and point redemption (see the SAP API Postman Collection).
We use these parameters to call the SAP API to fetch the user's point balance and to redeem points when products are purchased on Xoxoday Stores.
SAML Metadata is used to set up the login that authenticates the SAP user so they can log directly into Stores.
Here is a brief explanation of how SAML SSO works between Xoxoday and SAP. Please refer to this for a general description of the SAML process.
For SAML to work there must be two parties, a Service Provider (SP) and an Identity Provider (IdP), that exchange metadata (EntityID, Assertion Consumer Service URL (ACS URL), signing certificate, etc.). Here Xoxoday acts as the Service Provider and SAP acts as the Identity Provider.
So the SAP client must take the Service Provider information (EntityID, ACS URL, etc.) shown on the SAML Metadata page and enter it in the client's SAP dashboard. Similarly, the SAP client must upload their Identity Provider information to Xoxoday as an XML metadata document. The SAP client can refer to this for how to retrieve the IdP metadata from their SAP dashboard.
Once metadata has been exchanged between Xoxoday and SAP, clicking the Redeem Flex Reward button initiates the SAML flow. We validate the SAML response against the IdP metadata the client uploaded (in particular, that it is signed with the IdP's signing certificate from that metadata), confirm the user, and log them in to Xoxoday Stores.
Verify Setup validates the SAP API and SAML Metadata configuration using an SAP username.
STEP 3: SAP User Redirection to Stores for Redemption
To log in to the Stores platform, the SAP user clicks Redeem Flex Reward on the SAP Home Page (PFA).
Clicking the Redeem Flex Reward button initiates the SAML login. The SAML response is POSTed to the AUTH API (https://staging.xoxoday.com/chef/sso/validate-saml), where it is validated against the IdP metadata that the Super Admin entered on the SAML Metadata page.
After successful SAML authentication, the SAP user is redirected to the Stores Home Page (https://stagingstores.xoxoday.com) (PFA).
Between SAML authentication and the redirect to Stores, the user is created or updated in the Xoxoday database via the Consumer API; the fields written are email, first name, and last name. The AUTH API then generates the session (where we store the Third-Party Data together with token_info) and redirects the user to Stores. The Third-Party Data holds the SAP Username and the SAP API parameters, which are used to call the SAP user details, SAP points, and point redemption APIs (see the SAP API Postman Collection).
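The validation that Step 2 and Step 3 describe (checking the posted SAML response against the IdP metadata the Super Admin uploaded, then pulling out the email, first name and last name the Consumer API needs), written out as an added example. This is not Xoxoday's or SAP's code. The ACS URL is the staging AUTH API URL from this document; the SP EntityID, IdP entityID, certificate text, attribute names, sample user and the assumption that the NameID carries the SAP username are all constructed placeholders. Cryptographic verification of the XML signature is assumed to be done by an XML-DSig library before these checks run and is not implemented here; the block shows the checks that must happen in addition to it, and lists every failing check rather than stopping at the first.

```python
# Added example: the checks an SP's ACS endpoint performs on a posted SAMLResponse.
# Not Xoxoday's or SAP's code. ACS_URL is the staging AUTH API URL from the document;
# SP_ENTITY_ID, IDP_ENTITY_ID, IDP_CERT, attribute names and user values are constructed
# placeholders. Cryptographic XML-DSig verification is assumed to be done by a signature
# library before these checks run and is not implemented here.
import base64
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SKEW = timedelta(minutes=2)  # tolerated IdP/SP clock drift
ACS_URL = "https://staging.xoxoday.com/chef/sso/validate-saml"
SP_ENTITY_ID = "https://stagingstores.xoxoday.com/sp"
IDP_ENTITY_ID = "https://idp.example-sap.com/saml2"
IDP_CERT = "MIICCONSTRUCTEDCERTIFICATETEXT="  # placeholder, not a real certificate
DEMO_NOW = datetime(2024, 1, 15, 10, 0, tzinfo=timezone.utc)  # fixed clock for the demo
DEMO_LATER = DEMO_NOW + timedelta(minutes=30)  # past the sample assertion's NotOnOrAfter
# Constructed IdP metadata, in the shape the Super Admin pastes into the SAML Metadata page.
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="{IDP_ENTITY_ID}">
  <md:IDPSSODescriptor protocolSupportEnumeration="{NS['samlp']}"><md:KeyDescriptor use="signing">
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{IDP_CERT}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </md:KeyDescriptor></md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def _ts(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def parse_idp_metadata(xml_text):
    """Pull the IdP entityID and its signing certificate(s) out of metadata XML."""
    root = ET.fromstring(xml_text)
    certs = ["".join(c.text.split())
             for kd in root.iterfind(".//md:KeyDescriptor", NS) if kd.get("use", "signing") == "signing"
             for c in kd.iterfind(".//ds:X509Certificate", NS)]
    return {"entity_id": root.get("entityID"), "signing_certs": certs}


def build_sample_response(now, issuer=IDP_ENTITY_ID, audience=SP_ENTITY_ID, destination=ACS_URL,
                          cert=IDP_CERT, email="jane.doe@example.com"):
    # Constructed SAMLResponse, base64-encoded as the HTTP-POST binding delivers it.
    sig = (f"<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert}</ds:X509Certificate>"
           "</ds:X509Data></ds:KeyInfo></ds:Signature>") if cert else ""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}"
    ID="_r1" Version="2.0" IssueInstant="{_ts(now)}" Destination="{destination}">
  <saml:Issuer>{issuer}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="{_ts(now)}">
    <saml:Issuer>{issuer}</saml:Issuer>{sig}
    <saml:Subject><saml:NameID>JDOE</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="{_ts(now - timedelta(minutes=1))}" NotOnOrAfter="{_ts(now + timedelta(minutes=5))}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>{email}</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()


def _extract_user(assertion):
    # Fields the Consumer API create/update needs; NameID is assumed to carry the SAP username.
    attrs = {at.get("Name"): at.findtext("saml:AttributeValue", default="", namespaces=NS).strip()
             for at in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    return {"sap_username": assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip(),
            "email": attrs.get("email", ""), "first_name": attrs.get("firstName", ""),
            "last_name": attrs.get("lastName", "")}


def validate_saml_response(saml_response_b64, idp, sp_entity_id, acs_url, now):
    """Return {'ok', 'errors', 'user'}; every failing check is listed, not only the first."""
    errors = []
    try:
        root = ET.fromstring(base64.b64decode(saml_response_b64))
    except (ValueError, ET.ParseError) as exc:
        return {"ok": False, "errors": [f"unparseable response: {exc}"], "user": None}
    if root.get("Destination") != acs_url:  # a response minted for another SP is not for us
        errors.append("Destination is not our ACS URL")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        errors.append("status is not Success")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # extra or duplicated assertions are a signature-wrapping smell
        return {"ok": False, "errors": errors + [f"expected one Assertion, found {len(assertions)}"], "user": None}
    a = assertions[0]
    if a.findtext("saml:Issuer", default="", namespaces=NS).strip() != idp["entity_id"]:
        errors.append("Issuer is not the configured IdP entityID")
    cert = "".join(a.findtext("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
                              default="", namespaces=NS).split())
    if cert not in idp["signing_certs"]:  # unsigned, or signed by a key the metadata does not publish
        errors.append("Assertion is unsigned or not signed with the IdP metadata certificate")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return {"ok": False, "errors": errors + ["Conditions missing"], "user": None}
    if cond.get("NotBefore") and now < datetime.fromisoformat(cond.get("NotBefore").replace("Z", "+00:00")) - SKEW:
        errors.append("assertion not yet valid")
    if cond.get("NotOnOrAfter") and now >= datetime.fromisoformat(cond.get("NotOnOrAfter").replace("Z", "+00:00")) + SKEW:
        errors.append("assertion expired")
    audiences = [x.text.strip() for x in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:  # an assertion issued for another SP must not log in here
        errors.append("audience does not include our SP EntityID")
    user = _extract_user(a)
    if not user["email"]:
        errors.append("no email attribute to create/update the Xoxoday user with")
    return {"ok": not errors, "errors": errors, "user": user}
```

A response that passes returns the user fields to hand to the Consumer API and the NameID to keep as the SAP Username in the session's Third-Party Data; any response that fails a check is rejected before a session exists. The audience and Destination checks are what stop an assertion a legitimate SAP IdP issued for some other service provider from logging a user in here, and the certificate check ties the whole flow back to the metadata the Super Admin uploaded in Step 2.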
SAP User Redirection to Stores Platform