SAP SFTP Adapter: A Quick Walkthrough
Many of us are now aware that SAP has released B2B and SFTP/PGP capabilities for SAP PI. Earlier, we had to depend upon third party vendors for this service but with SAP filling this gap, I strongly believe that PI is now in a better position to be provisioned and a true enterprise service bus.
I am one of those who have been waiting for a long time to see this as a standard feature from SAP and so I didnt lose any time to get myself to test the SFTP adapter 🙂
In this blog, I will try to walk you through the usage of the SAP SFTP adapter and some of the configuration parameters.
Lets go through the Sender SFTP adapter configurations in detail;
The two important parameters that you see above is the Server Fingerprint and Proxy. Since I am not using a proxy based connectivity, I have chosen No Proxy as the value. Now the question is how do we know what is the Server Fingerprint? One option might be to ask the SFTP server admin for that info but then an easier option might be to use a client like CoreFTP. Provide the server host, user and pwd and try to login via the client. You will then be prompted by a Pop Up as below and you should be able to get the required info 🙂
An interesting feature I have found in the SFTP adapter is the usage of regular expressions. For example, in the below screenshot you will see that I have used a pattern for the file name. This means that the adapter will process only files which starts with a digit. ex 0abc.txt, 6test.pdf etc. I really hope SAP will extend this feature to the standard File adapter also.
Another brilliant option is for checking duplicate files. This too needs to be added as a feature to the Standard File adapter as it is a very helpful option.
The result when I try to process the same file again if the option is checked is as below;
Apart from this the adapter also supports Archiving of the files and most importantly the ASMA properties.
Note: Additionally, the SFTP adapter also support private key based authentication. The SFTP server I have is not configured for such a test hence I was unable to run that scenario.
Note: The Receiver SFTP adapter is quite similar in terms of the configuration esp. around the server fingerprint etc and most of the other features are self explanatory.
Any Drawbacks?
Well Hell yeah. Whatever happened to File Content Conversion? I was hoping that as we have it in the File adapter, it would have been a standard feature for using File content conversion as part of the adapter configuration. But apparently SAP has left that feature out (Why would the do that?). So this will mean that we will have to rely on the MessageTransformBean for such requirements.
Hi,
Does it support normal File Content Conversion. I believe third party adapters like Aeadaptive and Seeburger does support. Does it have the same set of features like other vendors.
Did you had a chance to look on Receiver SFTP Adapter as well?
Regards,
Anandh.B
just updated the blog with my thoughts on the FCC bit of things. About the receiver adapter, yes as i mentioned it is pretty straight forward and hence I havnt put up any detailed info. Hope this clarifies.
Nice blog Shabz...
It might not be that important but heck, this darn thing gave me a headache...I was seeing green lights in the channel monitor for the sender SFTP channel, everything polling nicely but nothing being picked up! Maybe add to your blog, the Filename ONLY uses regular expressions.
I guess I should have read the configuration guide more carefully, especially the section that said: "The input to the field is a regular expression."
Hi Shabarish,
Thank you so much for introducing us to the SFTP adapter features.
Regards
Anupam
Hi Shabarish,
I need to use the Private Key as Authentication. I did not find any documentation on how the keys are stored and generated for both receiver and sender scenarios. Can you please help with any of the documentation to use this option specifically where to perform Key Generation and Key Storage?
Thanks for your help!!
Shabz,
Currently we are On PI 7.31SP4 ,but I don't see SFTP adapter in the list .Do you think we need to do any setup for this.
Your Reponse is greatly Appreciated.
Thanks,
Madhu
Hi Madhusudhan Honnappa,
SFTP is part of B2B add on. I believe it will involve additional licensing cost and you need to install the add on before you can use it. Shabarish Vijayakumar please feel free to add your thoughts.
You'll probably need to download the installation guide & ESR/XI Content from SAP Service Marketplace first Madhu. Once the XI Content (containing the SFTP adapter metadata) is imported into your ESR, you will see the SFTP adapter in your directory.
There is no additional cost for SFTP or PGP functionality. The B2B and SFTP add-on's are separate, I recall an additional cost for the B2B functionality only.
http://scn.sap.com/community/b2b-integration/blog/2012/03/30/new-add-ons-b2b-and-sftp-pgp-for-sap-netweaver-process-orchestration-released-and-available
do have a look at this blog to understand how you can install the adapters on your server.
PGP and SFT solution is free from SAP but the B2B add on has license implications
Hi Shabarish,
In SFTP 3.0 of advantco.com, i got the option "Duration in minutes to keep a file duplicate " and the default value is 1440.
do you know what is the feature?
Is it means when a same file is found in the server, keep it 1440 mins?
Hi Shabarish,
I read your blog above and it is very informative.
I am currently working with a scenario for my project where I need to do a dynamic configuration for file name, also use SFTP adapter and post the message to SWIFTnet.
Here is the description in detail:
- SAP ECC sends me a message (encrypted payment + digital signature as attachments, enclosed in a SOAP envelop).
- In PI (7.3) I receiver this message, do a dynamic config to generate the file name based on the SOAP message (from one particular field). I have used ASMA.
- This message is then routed to another XI system (this is a global XI environment). Here I need to use SFTP receiver adapter and post the SOAP content as a zipped file onto SWIFT gateway.
There is no mapping transformaiton required in this flow. It is passthrough interface.
I was surfing the net and found "GetPayloadValueBean" and "PutPayloadValueBean" module parameters which is used to, 'extract values from the message and store them temporally in the module context' and 'enrich the message with values from a module context' respectively.
However, am unable to make any progress with this. My feeling is that if the "GetPayloadValueBean" and "PutPayloadValueBean" module parameters did the storeing of value and enriching it, then I would not require to do a Dynamic Configuration in the First XI box, rather create the file name dynamically at runtime.
Note: due to few reasons we are not allowed to make any mapping in the second XI box.
Somehow, there isn't much help on how to used these module parameters. Could you let me know if there is a way to use these module parameters in SFTP for my scenario.
Thanks for your time in advance.
Regards,
Lakshmi Naik
did you try the ASMA feature?
refer the documentation;
Adapter specific message attributes
Use Adapter-specific message attributes
If you want to include the adapter-specific metadata with the file, select the Set adapterspecific message attributes checkbox.
Enter the namespace in the text box and select other appropriate attributes. The other attributes include:
• File name
• Directory
Hi Shabarish,
Thanks for your quick reply.
I have used the ASMA. There has not been much use.
Do you have any documentation for Receiver SFTP adapter and Module parameters that can be of any help. Or have you come accross this "GetPayloadValueBean" and "PutPayloadValueBean" module parameters.
I get the following error:
"MP: exception caught with cause com.sap.engine.services.jndi.persistent.exceptions.NameNotFoundException: Object not found in lookup of PutPayloadValueBean."
Regards,
Lakshmi Naik
Hi Lakshmi,
I am facing a problem with ASMA for SFTP adapter. In mapping I placed the dynamic config. code for file and folder, but the receiver SFTP adapter is not able to pick these values even I set the ASMA and checked filename and folder.
Could you please help me, what else I need to configure or do I miss anything.
Regards,
Sri
Hi Shabarish,
Archive file doesn't work in SFTP!
Hi Shabarish,
I have PI 7.31 with IDOC to SFTP working fine for two months in development environment, and now all interfaces works on Production enviroment.
But now I have some issues in sftp adapter (sender and receiver): all message all in queue without end the transmission.
I have restarted PI, Windows, start/stop channels but the issue is not solved.
The sender sftp don't connect to the target server to get the files to be processed. The log still paused.
The receiver sftp don't connect to target system to put the result message.
And the message are in status to be delivered in Adapter Message Monitor
Hi Oscar,
This can happen in two cases.
Please check these two things.
Regards,
Lakshmi Naik
I can connect with Filezilla sFTP client and pageant with the same user/key from Windows Server in our PID. I think the problem is not in certificates.
I remove some old message and the connections works to sFTP on my laptop.
But resend another idoc from sap to PI the message remaint with status Delivering in Message Monitor. I think the issue is in the original sFTP target server, but now this message can't be cancelled.
Finally, the message sent in the last our have an error in the sftp adapter, but the error is not solved.
The next lines are log in sFTP server when I can't transfer files from some days ago:
83.231.xxx.xxx UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USER sftp_user" - -
83.231.xxx.xxx UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USERAUTH_REQUEST sftp_user none" - -
83.231.xxx.xxx UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USER sftp_user" - -
83.231.xxx.xxx UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USERAUTH_REQUEST sftp_user none" - -
83.231.xxx.xxx UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USER sftp_user" - -
83.231.xxx.xxx UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USERAUTH_REQUEST sftp_user none" - -
83.231.xxx.xxx UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USER sftp_user" - -
83.231.xxx.xxx UNKNOWN sftp_user [22/Jan/2013:15:33:29 +0100] "USERAUTH_REQUEST sftp_user publickey" - -
83.231.xxx.xxx UNKNOWN sftp_user [22/Jan/2013:15:33:29 +0100] "PASS (hidden)" - -
83.231.xxx.xxx UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USER sftp_user" - -
83.231.xxx.xxx UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USER sftp_user" -
83.231.xxx.xxx UNKNOWN nobody [22/Jan/2013:15:33:29 +0100] "USERAUTH_REQUEST sftp_user none" - -
83.231.xxx.xxx UNKNOWN sftp_user [22/Jan/2013:15:33:29 +0100] "USERAUTH_REQUEST sftp_user publickey" - -
83.231.xxx.xxx UNKNOWN sftp_user [22/Jan/2013:15:33:29 +0100] "CHANNEL_OPEN session" - -
Hi Oscar,
From the log above, it is clear that the issue is because of User Authentication.
"USERAUTH_REQUEST sftp_user none" there is no authenttication available for the user id you are using to connect via SFTP adapter. I have had similar issue in the past and resolved it.
Could you check it.
Regards,
Lakshmi Naik
"USERAUTH_REQUEST sftp_user none" The user sftp_user is the name of the sftp user to identificate in sftp server.
In sftp server side the administrator tell me that no modifications of configuration made from the last year.
I created another certificate and tested from PID to my sftp server (Bitvise SSH Server) and works fine. With the updating of the user in the sftp server with the new certificate, the issue continues.
I think the problem is in the sftp server, are you agree?
The same issue occurs with sftp and user/password without certificate. The next lines are the sftp server log:
Jan 23 18:20:01 [28037] <ssh2:3>: received SSH_MSG_USER_AUTH_REQUEST = (50) packet
Jan 23 18:20:01 [28037] <ssh2:10>: auth requested for user = 'sftp_user_test', service 'ssh-connection', using method 'password'
Jan 23 18:20:01 [28037] <ssh2:3>: sent SSH_MSG_USER_AUTH_SUCCESS (52) = packet (32 bytes)
Jan 23 18:20:01 [28037] <ssh2:20>: SSH2 packet len 44 bytes
Jan 23 18:20:01 [28037] <ssh2:20>: SSH2 packet padding len 19 bytes
Jan 23 18:20:01 [28037] <ssh2:20>: SSH2 packet payload len 24 bytes
Jan 23 18:20:01 [28037] <ssh2:20>: SSH2 packet MAC len 16 bytes
Jan 23 18:20:01 [28037] <ssh2:3>: received SSH_MSG_CHANNEL_OPEN (90) = packet
Jan 23 18:20:01 [28037] <ssh2:8>: open of 'session' channel using remote =
ID 4 requested: initial client window len 1048576 bytes, client max = packet size 16384 bytes
Jan 23 18:20:01 [28037] <ssh2:8>: confirm open channel remote ID 4, = local ID 0: initial server window len 4294967295 bytes, server max =
packet size 32768 bytes
Jan 23 18:20:01 [28037] <ssh2:3>: sent SSH_MSG_CHANNEL_OPEN_CONFIRMATION = (91) packet (48 bytes)
Jan 23 18:20:01 [28037] <ssh2:20>: SSH2 packet len 44 bytes
Jan 23 18:20:01 [28037] <ssh2:20>: SSH2 packet padding len 16 bytes
Jan 23 18:20:01 [28037] <ssh2:20>: SSH2 packet payload len 27 bytes
Jan 23 18:20:01 [28037] <ssh2:20>: SSH2 packet MAC len 16 bytes
Jan 23 18:20:01 [28037] <ssh2:3>: received SSH_MSG_CHANNEL_REQUEST (98) = packet
Jan 23 18:20:01 [28037] <ssh2:7>: received 'subsystem' request for = channel ID 0, want reply true
Jan 23 18:20:01 [28037] <ssh2:3>: sent SSH_MSG_CHANNEL_SUCCESS (99) = packet (32 bytes)
Jan 23 18:20:08 [4614] <ssh2:9>: sending CHANNEL_REQUEST (remote channel = ID 0, keepalive@proftpd.org)
Jan 23 18:20:08 [4614] <ssh2:3>: sent SSH_MSG_CHANNEL_REQUEST (98) = packet (64 bytes)
Jan 23 18:20:08 [4614] <ssh2:20>: SSH2 packet len 12 bytes
Jan 23 18:20:08 [4614] <ssh2:20>: SSH2 packet padding len 6 bytes
Jan 23 18:20:08 [4614] <ssh2:20>: SSH2 packet payload len 5 bytes
Jan 23 18:20:08 [4614] <ssh2:20>: SSH2 packet MAC len 16 bytes
Jan 23 18:20:08 [4614] <ssh2:3>: received SSH_MSG_CHANNEL_FAILURE (100) = packet
Jan 23 18:20:08 [4614] <ssh2:12>: client sent SSH_MSG_CHANNEL_FAILURE = message, considering client alive
Jan 23 18:20:12 [28037] <ssh2:20>: SSH2 packet len 44 bytes
Jan 23 18:20:12 [28037] <ssh2:20>: SSH2 packet padding len 17 bytes
Jan 23 18:20:12 [28037] <ssh2:20>: SSH2 packet payload len 26 bytes
Jan 23 18:20:12 [28037] <ssh2:20>: SSH2 packet MAC len 16 bytes
From the trace I see that the login via password was a success. But I see a CHANNEL_FAILURE coming from the client. And afterwards we are
entering and endless loop of the following excerpt.=20
Jan 23 18:20:12 [28037] <ssh2:3>: received SSH_MSG_GLOBAL_REQUEST (80) = packet
Jan 23 18:20:12 [28037] <ssh2:3>: sent SSH_MSG_REQUEST_FAILURE (82) = packet (32 bytes)
Jan 23 18:20:22 [28037] <ssh2:20>: SSH2 packet len 44 bytes
Jan 23 18:20:22 [28037] <ssh2:20>: SSH2 packet padding len 17 bytes
Jan 23 18:20:22 [28037] <ssh2:20>: SSH2 packet payload len 26 bytes
Jan 23 18:20:22 [28037] <ssh2:20>: SSH2 packet MAC len 16 bytes
With user / password without certificate validation, the result have the same issue.
I think isn't a firewall issue, because I can connect with filezilla from the operating system in PID, but I don't know exactly how PI make the connection .
The firewall in Windows 2008 Server are disabled...
Hi Shabarish,
I am facing an issue with with sender, when I use SAP*.TXT sender is not finding any files, how ever when tried your solution with [0-9].txt I can see files being picked up, any thoughts?
Thanks,
Arvind
Check if the extension of your file is capsletter: SAP*.txt is not equal to SAP*.TXT for the adapter. If you use SAP*.txt files like SAP_mytextFILE.txt can be read by the adapter.
Does volume in folder makes any difference? I had more 1000 files with different dates, I tried to copy few files to some another directory and I saw files moving with [SAP].txt, but with same format nothing is picked from the folder which have large files.
Thank you,
Arvind
Please, I need urgent help to solve an ECC-PI interface using SFPT.
You can contact me 24 hrs.... at japr.dolphin@gmail.com    or WhatsApp +52 1 444 130 5690 or skype japr_dolphin
Thank you,
Arvind