Before creating the driver object, you must generate the workday client ID and the end point token URL. It is also recommended to create a public key certificate prior to creating the client ID and token endpoint. The following sections explain the procedure to create a Public Key Certificate, and the Client ID and Token Endpoint.
The following steps explain the procedure to create a public key certificate:
Run the following keytool command on your platform:
keytool -genkey -keyalg RSA -alias Workday -keystore JWTkeystore.jks -storetype PKCS12 -storepass <Workday123!> -validity 360 -keysize 2048
NOTE:
The keytool command is common for both Linux and Windows platforms.
You must specify the storetype as PKCS12 as shown in the above keytool command.
Enter the following details when prompted:
First Name
Last Name
Organizational Unit
Organization
City
Province
Country Code
Enter Yes to confirm. The keystore file is created, for example: JWTkeystore.pkcs12.
Extract the public key and the certificate by entering the following command:
keytool -export -alias Workday -keystore JWTkeystore.jks -rfc -file publickey.cert
You will be prompted to enter the password. Enter the password to create the certificate, for example publickey.cert.
NOTE:The password does not display on the screen when entered. Ensure to remember the entered password or save it in a convenient location.
Run the following command, to display the certificate.
cat publickey.cert
Copy the certificate from the BEGIN CERTIFICATE line till END CERTIFICATE line, and save it in a convenient location.
Perform the following steps to generate the Client ID and Token Endpoint:
Login to Workday application.
Search and click on Register API Client.
In the Client Name field, enter the name of the client.
In the Client Grant Type field, select Jwt Bearer Grant.
In the x509 Certificate field, select Create x509 Public Key.
In the Create x509 Public Key page, enter your name and paste the certificate generated as shown in Creating x509 Public Key Certificate.
Select Access Token Type as Bearer.
Enter the Redirection URL. This could be your organization’s home page URL. For example, www.microfocus.com
Select the following Scope values from Workday REST API:
Contact Information
Integration
Jobs & Positions
Organizations & Roles
Personal Data
System
Tenant Non-configurable
Include Workday Owned Scope
Click OK to generate the Client ID and the Token Endpoint.
Save the Client ID and the Token Endpoint in a convenient location, as these values will be required to configure OAuth 2.0 authentication method for the Workday driver.