Skip to Content

SAP SFTP Adapter: A Quick Walkthrough

Many of us are now aware that SAP has released B2B and SFTP/PGP capabilities for SAP PI. Earlier, we had to depend upon third party vendors for this service but with SAP filling this gap, I strongly believe that PI is now in a better position to be provisioned and a true enterprise service bus.

I am one of those who have been waiting for a long time to see this as a standard feature from SAP and so I didnt lose any time to get myself to test the SFTP adapter 🙂

In this blog, I will try to walk you through the usage of the SAP SFTP adapter and some of the configuration parameters.

Lets go through the Sender SFTP adapter configurations in detail;


The two important parameters that you see above is the Server Fingerprint and Proxy. Since I am not using a proxy based connectivity, I have chosen No Proxy as the value. Now the question is how do we know what is the Server Fingerprint? One option might be to ask the SFTP server admin for that info but then an easier option might be to use a client like CoreFTP. Provide the server host, user and pwd and try to login via the client. You will then be prompted by a Pop Up as below and you should be able to get the required info 🙂


An interesting feature I have found in the SFTP adapter is the usage of regular expressions. For example, in the below screenshot you will see that I have used a pattern for the file name. This means that the adapter will process only files which starts with a digit. ex 0abc.txt, 6test.pdf etc. I really hope SAP will extend this feature to the standard File adapter also.


Another brilliant option is for checking duplicate files. This too needs to be added as a feature to the Standard File adapter as it is a very helpful option.


The result when I try to process the same file again if the option is checked is as below;


Apart from this the adapter also supports Archiving of the files and most importantly the ASMA properties.


Note: Additionally, the SFTP adapter also support private key based authentication. The SFTP server I have is not configured for such a test hence I was unable to run that scenario.


Note: The Receiver SFTP adapter is quite similar in terms of the configuration esp. around the server fingerprint etc and most of the other features are self explanatory.

Any Drawbacks? 

Well Hell yeah. Whatever happened to File Content Conversion? I was hoping that as we have it in the File adapter, it would have been a standard feature for using File content conversion as part of the adapter configuration. But apparently SAP has left that feature out (Why would the do that?). So this will mean that we will have to rely on the MessageTransformBean for such requirements.

You must be Logged on to comment or reply to a post.
  • Hi,


    Does it support normal File Content Conversion.  I believe third party adapters like Aeadaptive and Seeburger does support.  Does it have the same set of features like other vendors.


    Did you had a chance to look on Receiver SFTP Adapter as well?




    • just updated the blog with my thoughts on the FCC bit of things. About the receiver adapter, yes as i mentioned it is pretty straight forward and hence I havnt put up any detailed info. Hope this clarifies.

  • Nice blog Shabz...


    It might not be that important but heck, this darn thing gave me a headache...I was seeing green lights in the channel monitor for the sender SFTP channel, everything polling nicely but nothing being picked up! Maybe add to your blog, the Filename ONLY uses regular expressions.


    I guess I should have read the configuration guide more carefully, especially the section that said: "The input to the field is a regular expression."

  • Hi Shabarish,


    I need to use the Private Key as Authentication. I did not find any documentation on how the keys are stored and generated for both receiver and sender scenarios. Can you please help with any of the documentation to use this option specifically where to perform Key Generation and Key Storage?


    Thanks for your help!!

  • Shabz,


    Currently we are On PI 7.31SP4 ,but I don't see SFTP adapter in the list .Do you think we need to do any setup  for this.


    Your Reponse is greatly Appreciated.




  • Hi Shabarish,


    In SFTP 3.0 of, i got the option "Duration in minutes to keep a file duplicate " and the default value is 1440.


    do you know what is the feature?

    Is it means when a same file is found in the server, keep it 1440 mins?

  • Hi Shabarish,


    I read your blog above and it is very informative.


    I am currently working with a scenario for my project where I need to do a dynamic configuration for file name, also use SFTP adapter and post the message to SWIFTnet.


    Here is the description in detail:

    - SAP ECC sends me a message (encrypted payment + digital signature as attachments, enclosed in a SOAP envelop).

    - In PI (7.3) I receiver this message, do a dynamic config to generate the file name based on the SOAP message (from one particular field). I have used ASMA.

    - This message is then routed to another XI system (this is a global XI environment). Here I need to use SFTP receiver adapter and post the SOAP content as a zipped file onto SWIFT gateway.


         There is no mapping transformaiton required in this flow. It is passthrough interface.


    I was surfing the net and found "GetPayloadValueBean" and "PutPayloadValueBean" module parameters which is used to, 'extract values from the message and store them temporally in the module context' and 'enrich the message with values from a module context' respectively.


    However,  am unable to make any progress with this. My feeling is that if the "GetPayloadValueBean" and "PutPayloadValueBean" module parameters did the storeing of value and enriching it, then I would not require to do a Dynamic Configuration in the First XI box, rather create the file name dynamically at runtime.


    Note: due to few reasons we are not allowed to make any mapping in the second XI box.


    Somehow, there isn't much help on how to used these module parameters. Could you let me know if there is a way to use these module parameters in SFTP for my scenario.


    Thanks for your time in advance.



    Lakshmi Naik

    • did you try the ASMA feature?


      refer the documentation;


      Adapter specific message attributes

      Use Adapter-specific message attributes

      If you want to include the adapter-specific metadata with the file, select the Set adapterspecific message attributes checkbox.

      Enter the namespace in the text box and select other appropriate attributes. The other attributes include:

      • File name

      • Directory

      • Hi Shabarish,


        Thanks for your quick reply.


        I have used the ASMA. There has not been much use.


        Do you have any documentation for Receiver SFTP adapter and Module parameters that can be of any help. Or have you come accross this "GetPayloadValueBean" and "PutPayloadValueBean" module parameters.


        I get the following error:

        "MP: exception caught with cause Object not found in lookup of PutPayloadValueBean."



        Lakshmi Naik

        • Hi Lakshmi,


          I am facing a problem with ASMA for SFTP adapter. In mapping I placed the dynamic config. code for file and folder, but the receiver SFTP adapter is not able to pick these values even I set the ASMA and checked filename and folder.

          Could you please help me, what else I need to configure or do I miss anything.




  • Hi Shabarish,


    I have PI 7.31 with IDOC to SFTP working fine for two months in development environment, and now all interfaces works on Production enviroment.


    But now I have some issues in sftp adapter (sender and receiver): all message all in queue without end the transmission.

    I have restarted PI, Windows, start/stop channels but the issue is not solved.


    The sender sftp don't connect to the target server to get the files to be processed. The log still paused.


    The receiver sftp don't connect to target system to put the result message.


    And the message are in status to be delivered in Adapter Message Monitor

    • Hi Oscar,


          This can happen in two cases.


      •      The certificates deployed to connect via SFTP may be expired (or the user id - password is changed)
      •      The firewall is not open between the external system and SAP system.


           Please check these two things.



      Lakshmi Naik

  • I can  connect with Filezilla sFTP client and pageant with the same user/key from Windows Server in our PID. I think the problem is not in certificates.


    I remove some old message and the connections works to sFTP on my laptop.

    But resend another idoc from sap to PI the message remaint with status Delivering in Message Monitor. I think the issue is in the original sFTP target server, but now this message can't be cancelled.


  • /
  • The next lines are log in sFTP server when I can't transfer files from some days ago:


  UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USER sftp_user" - - UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USERAUTH_REQUEST sftp_user none" - - UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USER sftp_user" - - UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USERAUTH_REQUEST sftp_user none" - - UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USER sftp_user" - - UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USERAUTH_REQUEST sftp_user none" - - UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USER sftp_user" - - UNKNOWN sftp_user [22/Jan/2013:15:33:29 +0100] "USERAUTH_REQUEST sftp_user publickey" - - UNKNOWN sftp_user [22/Jan/2013:15:33:29 +0100] "PASS (hidden)" - - UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USER sftp_user" - - UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USER sftp_user" - UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USERAUTH_REQUEST sftp_user none" - - UNKNOWN sftp_user [22/Jan/2013:15:33:29 +0100] "USERAUTH_REQUEST sftp_user publickey" - - UNKNOWN sftp_user [22/Jan/2013:15:33:29 +0100] "CHANNEL_OPEN session" - -

    • Hi Oscar,


           From the log above, it is clear that the issue is because of User Authentication.

      "USERAUTH_REQUEST sftp_user none" there is no authenttication available for the user id you are using to connect via SFTP adapter. I have had similar issue in the past and resolved it.


           Could you check it.



      Lakshmi Naik

      • "USERAUTH_REQUEST sftp_user none" The user sftp_user is the name of the sftp user to identificate in sftp server.


        In sftp server side the administrator tell me that no modifications of configuration made from the last year.


        I created another certificate and tested from PID to my sftp server (Bitvise SSH Server) and works fine.  With the updating of the user in the sftp server with the new certificate, the issue continues.

        I think the problem is in the sftp server, are you agree?

        • The same issue occurs with sftp and user/password without certificate. The next lines are the sftp server log:



          Jan 23 18:20:01 [28037] <ssh2:3>: received SSH_MSG_USER_AUTH_REQUEST = (50) packet

          Jan 23 18:20:01 [28037] <ssh2:10>: auth requested for user = 'sftp_user_test', service 'ssh-connection', using method 'password'

          Jan 23 18:20:01 [28037] <ssh2:3>: sent SSH_MSG_USER_AUTH_SUCCESS (52) = packet (32 bytes)

          Jan 23 18:20:01 [28037] <ssh2:20>: SSH2 packet len   44 bytes

          Jan 23 18:20:01 [28037] <ssh2:20>: SSH2 packet padding len   19 bytes

          Jan 23 18:20:01 [28037] <ssh2:20>: SSH2 packet payload len   24 bytes

          Jan 23 18:20:01 [28037] <ssh2:20>: SSH2 packet MAC len   16 bytes

          Jan 23 18:20:01 [28037] <ssh2:3>: received SSH_MSG_CHANNEL_OPEN (90) = packet

          Jan 23 18:20:01 [28037] <ssh2:8>: open of 'session' channel using remote =

          ID 4 requested: initial client window len   1048576 bytes, client max = packet size   16384 bytes

          Jan 23 18:20:01 [28037] <ssh2:8>: confirm open channel remote ID 4, = local ID 0: initial server window len 4294967295 bytes, server max =

          packet size   32768 bytes


          Jan 23 18:20:01 [28037] <ssh2:3>: sent SSH_MSG_CHANNEL_OPEN_CONFIRMATION = (91) packet (48 bytes)

          Jan 23 18:20:01 [28037] <ssh2:20>: SSH2 packet len   44 bytes

          Jan 23 18:20:01 [28037] <ssh2:20>: SSH2 packet padding len   16 bytes

          Jan 23 18:20:01 [28037] <ssh2:20>: SSH2 packet payload len   27 bytes

          Jan 23 18:20:01 [28037] <ssh2:20>: SSH2 packet MAC len   16 bytes

          Jan 23 18:20:01 [28037] <ssh2:3>: received SSH_MSG_CHANNEL_REQUEST (98) = packet

          Jan 23 18:20:01 [28037] <ssh2:7>: received 'subsystem' request for = channel ID 0, want reply   true

          Jan 23 18:20:01 [28037] <ssh2:3>: sent SSH_MSG_CHANNEL_SUCCESS (99) = packet (32 bytes)

          Jan 23 18:20:08 [4614] <ssh2:9>: sending CHANNEL_REQUEST (remote channel = ID 0,

          Jan 23 18:20:08 [4614] <ssh2:3>: sent SSH_MSG_CHANNEL_REQUEST (98) = packet (64 bytes)

          Jan 23 18:20:08 [4614] <ssh2:20>: SSH2 packet len   12 bytes

          Jan 23 18:20:08 [4614] <ssh2:20>: SSH2 packet padding len   6 bytes

          Jan 23 18:20:08 [4614] <ssh2:20>: SSH2 packet payload len   5 bytes

          Jan 23 18:20:08 [4614] <ssh2:20>: SSH2 packet MAC len   16 bytes

          Jan 23 18:20:08 [4614] <ssh2:3>: received SSH_MSG_CHANNEL_FAILURE (100) = packet

          Jan 23 18:20:08 [4614] <ssh2:12>: client sent SSH_MSG_CHANNEL_FAILURE = message, considering client alive

          Jan 23 18:20:12 [28037] <ssh2:20>: SSH2 packet len   44 bytes

          Jan 23 18:20:12 [28037] <ssh2:20>: SSH2 packet padding len   17 bytes

          Jan 23 18:20:12 [28037] <ssh2:20>: SSH2 packet payload len   26 bytes

          Jan 23 18:20:12 [28037] <ssh2:20>: SSH2 packet MAC len   16 bytes


          From the trace I see that the login via password was a success. But I see a CHANNEL_FAILURE coming from the client. And afterwards we are


          entering and endless loop of the following excerpt.=20

          Jan 23 18:20:12 [28037] <ssh2:3>: received SSH_MSG_GLOBAL_REQUEST (80) = packet

          Jan 23 18:20:12 [28037] <ssh2:3>: sent SSH_MSG_REQUEST_FAILURE (82) = packet (32 bytes)

          Jan 23 18:20:22 [28037] <ssh2:20>: SSH2 packet len   44 bytes

          Jan 23 18:20:22 [28037] <ssh2:20>: SSH2 packet padding len   17 bytes

          Jan 23 18:20:22 [28037] <ssh2:20>: SSH2 packet payload len   26 bytes

          Jan 23 18:20:22 [28037] <ssh2:20>: SSH2 packet MAC len   16 bytes

  • With user / password without certificate validation, the result have the same issue.

    I think isn't a firewall issue, because I can connect with filezilla from the operating system in PID, but I don't know exactly how PI make the connection .


    The firewall in Windows 2008 Server are disabled...

  • Hi Shabarish,

    I am facing an issue with with sender, when I use SAP*.TXT sender is not finding any files, how ever when tried your solution with [0-9].txt I can see files being picked up, any thoughts?




    • Check if the extension of your file is capsletter: SAP*.txt is not equal to SAP*.TXT for the adapter. If you use SAP*.txt files like SAP_mytextFILE.txt can be read by the adapter.

      • Does volume in folder makes any difference? I had more 1000 files with different dates, I tried to copy few files to some another directory and I saw files moving with [SAP].txt, but with same format nothing is picked from the folder which have large files.


        Thank you,