How To: OPI2 AS2 Adapter Test Scenarios
The OPI2 AS2 adapter enables SAP NetWeaver PI to transfer messages based on the standardized AS2 protocol.
The adapter is part of the OPI2 open source project for SAP NetWeaver PI. It is available on SourceForge in different versions (http://opi2.sourceforge.net). There you can also find detailed documentation that describes – among other things – the deployment of the adapter.
This how-to document (also available as a PDF) is a step-by-step guide that shows how to use the OPI2 AS2 adapter based on two example scenarios. As the partner system we use the mendelson AS2 server.
1. mendelson to PI (AS2 sender channel)
Please note that the AS2 sender channel automatically sends a “Message Delivery Notification” (MDN) back to mendelson (synchronously).
2. PI to mendelson (AS2 receiver channel)
Note that mendelson sends back an MDN synchronously. This MDN has to be converted to an asynchronous message in order to save it to a file (via a file receiver channel). Therefore we will use the adapter module “ResponseOnewayBean”, which acts as a synch-asynch bridge.
We will use the mendelson AS2 server as external system. For encryption and signature we will create keys and certificates that will be imported to mendelson and PI.
Install “mendelson AS2 server”
Generate keys and certificates
Import generated keys and certificates into Mendelson and PI
Configuration of Mendelson
Configuration of PI
Send test messages
1. Install “mendelson AS2 server”
The mendelson AS2 Server can be downloaded at http://www.mendelson-e-c.com/products_os.php. To start the installation run the file „install_mendelson_opensource_as2_1.1b37.exe“ and follow the instructions.
For a first test, start the mendelson AS2 server and open the following URL in your web browser:
You should see the mendelson release and the message „You have performed an HTTP GET on this URL“.
2. Generate Keys and Certificates
The keys and certificates can be generated with Portecle. You can find Portecle at http://portecle.sourceforge.net/. Just use the launch button to start the program.
For both parties we have to take the following steps:
- generate keystore
- generate keypair inside the keystore
- export certificate from the keypair (.cer file)
Remark: You can also generate the keys directly inside NWA. Here we will describe the creation of the keys using Portecle. Later we will import those keys into NWA.
We chose the following names:
keypair inside the keystore (alias)
exported certificate (filename)
Steps for mendelson keys/certificates
Generate keystore: File -> New Keystore
choose PKCS #12 and confirm with OK
Generate Keypair: Tools -> Generate Keypair
Export certificate: right-click the keypair -> Export
Keep configuration and save certificate (filename mendelson-as2-cer.cer)
Save keystore: File -> Save As (filename certificates.p12, choose password)
You have to repeat the steps to generate PI keystore, PI keypair and PI certificate.
3. Import Generated Keys and Certificates into Mendelson and PI
The mendelson AS2 Server uses a keystore file certificates.p12 in the installation directory of mendelson. This keystore must contain the private key of mendelson and the certificate of PI.
- The keystore certificates.p12 we created already contains the private key of mendelson, so we just have to add the certificate of PI:
- Open the keystore certificates.p12 using Portecle
- Tools -> Import Trusted Certificate -> choose the certificate TPI-as2-cer.cer we created before
- confirm and save the keystore
- Now we have to replace the file certificates.p12 in mendelson installation directory with the certificates.p12 we created.
- The last step is to maintain the password of our keystore certificates.p12 in mendelson
- start mendelson
- File -> Preferences -> Security Tab -> Keystore password (encryption/signature)
In PI the keys and certificates are maintained in the NWA. There we will need the private key of PI and the certificate of mendelson.
- create a new view:
- NWA -> Configuration -> Security -> Certificates and Keys
- Add View
- choose the new view
- add private key of PI:
- choose import Entry within the view we just created
- Type: PKCS#12 Key Pair
- choose file (TPI-as2-keystore), type in your password
- add certificate of mendelson
- choose import Entry within the view we just created
- Type: X.509 Certificate
- choose file (mendelson-as2-cer.cer), confirm
4. Configuration of Mendelson AS2 server
Start the mendelson AS2 Server, click Partner and add two parties:
The checked box Local station specifies that this party represents the mendelson AS2 Server itself. We need to maintain a unique AS2 ID for each of our AS2 partners. We will have to maintain the same AS2 IDs later when we create the Parties inside PI.
We use the same private key (of mendelson) for both decryption and signature creation.
The MDN URL is used when we send messages out of mendelson. It specifies where the receiver system should send the MDN to.
This Party represents an external system (PI).
We use the same certificate (of PI) for both encryption and signature validation.
To send the AS2 message to the PI AS2 adapter you have to use the following Receipt URL:
In our case we have
At the moment the OPI2 AS2 Adapter supports only synchronous MDNs. We request a signed MDN.
The values of the other tabs can be kept on default.
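On the wire, the MDN settings above are expressed through AS2 request headers defined in RFC 4130. The following added example (not part of the OPI2 or mendelson code) classifies a request as synchronous or asynchronous and signed or unsigned; the sample header values, AS2 IDs and host names are constructed placeholders.

```python
from email import message_from_string

def classify_mdn_request(raw_headers: str) -> dict:
    """Summarise which kind of MDN an AS2 request asks for (RFC 4130 header names)."""
    msg = message_from_string(raw_headers)
    requested = msg.get("Disposition-Notification-To") is not None
    # Receipt-Delivery-Option carries the return URL for an asynchronous MDN.
    async_url = msg.get("Receipt-Delivery-Option")
    params = {}
    for item in msg.get("Disposition-Notification-Options", "").split(";"):
        name, sep, value = item.partition("=")
        if sep:
            params[name.strip().lower()] = [v.strip().lower() for v in value.split(",")]
    micalg = [a for a in params.get("signed-receipt-micalg", [])
              if a not in ("optional", "required")]
    return {
        "requested": requested,
        "mode": None if not requested else ("async" if async_url else "sync"),
        "signed": "pkcs7-signature" in params.get("signed-receipt-protocol", []),
        "micalg": micalg,
    }

def accepted_by_sync_only_receiver(raw_headers: str) -> bool:
    """True when the request fits a receiver that can only return a synchronous MDN."""
    return classify_mdn_request(raw_headers)["mode"] in (None, "sync")

# Constructed header sets; AS2 IDs, host names and message IDs are placeholders.
SYNC_SIGNED = (
    "AS2-Version: 1.1\r\n"
    "AS2-From: MENDELSON_ID\r\n"
    "AS2-To: PI_ID\r\n"
    "Message-ID: <constructed-0001@mendelson.example>\r\n"
    "Disposition-Notification-To: mdn@mendelson.example\r\n"
    "Disposition-Notification-Options: signed-receipt-protocol=optional, pkcs7-signature;"
    " signed-receipt-micalg=optional, sha1\r\n"
    "\r\n"
)
ASYNC_SIGNED = SYNC_SIGNED.replace(
    "\r\n\r\n", "\r\nReceipt-Delivery-Option: http://mendelson.example/as2/mdn\r\n\r\n")

if __name__ == "__main__":
    print(classify_mdn_request(SYNC_SIGNED))
    print(accepted_by_sync_only_receiver(ASYNC_SIGNED))
```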
5. Configuration of PI
For both Scenarios
Create a Party and a Business Component for both mendelson and PI. Choose the Service Interfaces you want to use.
Remark: The values under Agency and Scheme are fixed. Notice that for the key “AS2 ZZZ 117” there are two subsequent spaces in each case.
Scenario 1 (mendelson to PI)
When you create the Integrated Configuration you have to maintain a Virtual Receiver because the AS2 message has the attributes To-Party and To-Service when it enters PI. (To-Service is specified in the Receipt URL of the mendelson partner configuration)
OPI2 AS2 Sender Channel (with keys and certificates)
Scenario 2 (PI to mendelson)
After sending the AS2 message to mendelson the MDN of mendelson is transformed to an asynchronous message using the Module “Response Oneway Bean” in the OPI2 AS2 receiver channel. This asynchronous message is processed by a second Integrated Configuration, which must use the receiver interface of the AS2 message to mendelson as sender interface. (Remark: since this is an inbound Interface, you cannot choose it using the value help. You have to type the name.) The SOAP sender channel we use is just a dummy to enable the creation of the Integrated Configuration.
Integrated Configuration for the message of PI to mendelson
Here we don’t need a Virtual Receiver.
Remark: For this scenario (AS2 inbound message / receiver channel) you can alternatively set the message header (sender party, sender component, receiver party, receiver component) in the tab Outbound Processing. You have to work this way if the real sender component of the message is not assigned to a party.
Integrated Configuration for the MDN of mendelson to PI
We need a Virtual Receiver again because the asynchronous message we get back after processing by the Response Oneway Bean has the attributes To-Party and To-Service.
OPI2 AS2 Receiver Channel (with keys and certificates)
Module Configuration of the OPI2 AS2 Receiver Channel
6. Sending Test Messages
mendelson to PI
Start the mendelson AS2 server, choose File -> Send file to partner and choose the sender, the receiver and the file you want to send.
After pushing Ok you should get the information that the message is successfully encrypted, signed and sent to the receiver and that a MDN is received successfully.
Also have a look at the message in Communication Channel Monitoring and Message Monitoring.
PI to mendelson
Put the file you want to send in the source directory of your file sender channel. As soon as the file is processed by PI you should see some information in mendelson telling you that the message is successfully received and decrypted, the signature is verified successfully and an MDN is sent back synchronously.
Also check in Message Monitoring that the MDN is successfully received and processed by PI.
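Beyond the monitoring entries, the content of a returned MDN can be checked against the message that was sent. The following added example (not part of the OPI2 or mendelson code) parses an MDN and compares its disposition, message ID and Received-Content-MIC. It assumes the MDN is available as raw MIME multipart/report bytes and that the caller supplies the exact bytes the partner hashed (for a signed message, the signed MIME part including its headers); all sample data is constructed.

```python
import base64
import hashlib
from email import message_from_bytes, message_from_string

ALLOWED_MIC_ALGS = {"sha1", "md5", "sha256", "sha384", "sha512"}

def check_mdn(raw_mdn: bytes, signed_content: bytes, sent_message_id: str) -> list:
    """Return a list of problems; an empty list means the MDN confirms the transfer."""
    msg = message_from_bytes(raw_mdn)
    if msg.get_content_type() != "multipart/report":
        return ["not a multipart/report"]
    fields = None
    for part in msg.walk():
        if part.get_content_type() == "message/disposition-notification":
            inner = part.get_payload()
            # The stdlib parser exposes the report fields as a nested message.
            fields = inner[0] if isinstance(inner, list) else message_from_string(inner)
            break
    if fields is None:
        return ["no message/disposition-notification part"]
    problems = []
    if fields.get("Original-Message-ID", "").strip() != sent_message_id:
        problems.append("MDN refers to a different message")
    status = fields.get("Disposition", "").split(";")[-1].strip().lower()
    if status != "processed":
        problems.append(f"disposition is '{status}'")
    mic, _, alg = fields.get("Received-Content-MIC", "").partition(",")
    alg = alg.strip().lower().replace("-", "")
    if alg not in ALLOWED_MIC_ALGS:
        problems.append("missing or unknown MIC algorithm")
    elif base64.b64encode(hashlib.new(alg, signed_content).digest()).decode() != mic.strip():
        problems.append("MIC mismatch: partner hashed different content")
    return problems

# Constructed sample data (not taken from a real transfer).
SENT = b"Content-Type: application/octet-stream\r\n\r\nconstructed test payload\r\n"
MSG_ID = "<constructed-0001@pi.example>"
MIC = base64.b64encode(hashlib.sha1(SENT).digest()).decode()
SAMPLE_MDN = (
    'Content-Type: multipart/report; report-type=disposition-notification; boundary="b1"\r\n'
    "\r\n--b1\r\nContent-Type: text/plain\r\n\r\nThe AS2 message has been received.\r\n"
    "--b1\r\nContent-Type: message/disposition-notification\r\n\r\n"
    "Reporting-UA: constructed-as2-server\r\n"
    f"Original-Message-ID: {MSG_ID}\r\n"
    "Disposition: automatic-action/MDN-sent-automatically; processed\r\n"
    f"Received-Content-MIC: {MIC}, sha1\r\n"
    "\r\n--b1--\r\n"
).encode()

if __name__ == "__main__":
    print(check_mdn(SAMPLE_MDN, SENT, MSG_ID))
```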