Skip to Content

The OPI2 AS2 adapter enables SAP NetWeaver PI to transfer messages based on the standardized AS2 protocol.

The adapter is part of the OPI2 open source project for SAP NetWeaver PI. It is available on sourceforge in different versions (http://opi2.sourceforge.net). There you can also find detailed documentation that describes – among other things – the deployment of the adapter.

This how-to document (available also as PDF) is a step-by-step guide that shows how to use the OPI2 AS2 adapter based on two example scenarios. As partner system we use the mendelson AS2 server.

Sample Scenarios:

1. mendelson to PI (AS2 sender channel)

Please notice that the AS2-sender-channel automaticly sends back a “Message Delivery Notification” (MDN) to mendelson. (synchronous)

2. PI to mendelson (AS2 receiver channel)

Notice that mendelson sends back a MDN synchronously. This MDN has to be converted to an asynchronous message in order to save it to a file (via file receiver channel). Therefore we will use the adapter-module “ResponseOnewayBean” that acts as a synch-asynch bridge.

/wp-content/uploads/2012/09/1_3_137447.jpg

We will use the mendelson AS2 server as external system. For encryption and signature we will create keys and certificates that will be imported to mendelson and PI.

Steps

  1. Install “mendelson AS2 server”

  2. Generate keys and certificates

  3. Import generated keys and certificates into Mendelson and PI

  4. Configuration of Mendelson

  5. Configuration of PI

  6. Send test messages

1. Install “mendelson AS2 server”

The mendelson AS2 Server can be downloaded at http://www.mendelson-e-c.com/products_os.php. To start the installation run the file „install_mendelson_opensource_as2_1.1b37.exe“ and follow the instructions.

For a first test you can start mendelson AS2 server and run following URL in your webbrowser:

http://<your_ip>:8080/as2/HttpReceiver

2.JPG

You should see the mendelson release and the message „You have performed an HTTP GET on this URL“.

2. Generate Keys and Certificates

The keys and certificates can be generated with Portecle. You can find Portecle on http://portecle.sourceforge.net/. Just use the launch button to start the programm.

For both parties we have to take following steps:

  1. generate keystore
  2. generate keypair inside the keystore
  3. export certificate from the keypair (.cer file)

Remark: You can also generate the keys directly inside NWA. Here we will describe the creation of the keys using Portecle. Later we will import those keys into NWA.

We choosed following names:

PI

mendelson

keystore (filename)

TPI-as2-keystore

certificates.p12

keypair inside the keystore (alias)

TPI-as2-keypair

mendelson-as2-keypair

exported certificate (filename)

TPI-as2-cer.cer

mendelson-as2-cer.cer

Steps for mendelson keys/certificates

Generate keystore: File -> New Keystore

/wp-content/uploads/2012/09/3_136428.jpg

choose PKCS #12 and confirm with OK


Generate Keypair: Tools -> Generate Keypair

/wp-content/uploads/2012/09/9_2_137448.jpg

Export certificate: right-click the keypair -> Export

/wp-content/uploads/2012/09/7_136962.jpg

Keep configuration and save certificate (filename mendelson-as2-cer.cer)

Save keystore: File -> Save As (filename certificates.p12, choose password)

You have to repeat the steps to generate PI keystore, PI keypair and PI certificate.

3. Import Generated Keys and Certificates into Mendelson and PI

mendelson

The mendelson AS2 Server uses a keystore file certificates.p12 in the installation directory of mendelson. This keystore must contain the private key of mendelson and the certificate of PI.

  • The keystore certificates.p12 we created already contains the private key of mendelson, so we just have to add the certificate of PI:
    • Open the keystore certificates.p12 using Portecle
    • Tools -> Import Trusted Certificate -> choose the certificate TPI-as2-cer.cer we created before
    • confirm and save the keystore
  • Now we have to replace the file certificates.p12 in mendelson installation directory with the certificates.p12 we created.
  • The last step is to maintain the password of our keystore certificates.p12 in mendelson
    • start mendelson
    • File -> Preferences -> Security Tab -> Keystore password (encryption/signature)

/wp-content/uploads/2012/09/8_136502.jpg

PI

In PI the keys and certificates are maintained in the NWA. There we will need the private key of PI and the certificate of mendelson.

  • create a new view:
    • NWA -> Configuration -> Security -> Certificates and Keys
    • Add View
    • choose the new view
  • add private key of PI:
    • choose import Entry within the view we just created
    • Type: PKCS#12 Key Pair
    • choose file (TPI-as2-keystore), type in your password
  • add certificate of mendelson
    • choose import Entry within the view we just created
    • Type: X.509 Certificate
    • choose file (mendelson-as2-cer.cer), confirm

4. Configuration of Mendelson AS2 server

Start mendelson AS2 Server, klick Partner and add two parties:

mendelson_AS2

/wp-content/uploads/2012/09/10_136963.jpg

The checked box Local station specifies that this party represents the mendelson AS2 Server itself. We need to maintain a unique AS2 ID for each of our AS2 partners. We will have to maintain the same AS2 IDs later when we create the Parties inside PI.

/wp-content/uploads/2012/09/11_136916.jpg

We use the same private key (of mendelson) for both decryption and signature creation.

/wp-content/uploads/2012/09/12_136917.jpg

The MDN URL is used when we send messages out of mendelson. It specifies where the receiver system should send the MDN to.

TPI_AS2

/wp-content/uploads/2012/09/13_136918.jpg

This Party represents an external system (PI).

/wp-content/uploads/2012/09/14_136931.jpg

We use the same certificate (of PI) for both encryption and signature validation.

/wp-content/uploads/2012/09/15_136932.jpg

To send the AS2 Message to PI AS2 adapter you have to use following Receipt URL:

PI 7.3x

http://<host>:<j2eeport>/AS2HttpAdapter/AS2AdapterFacade?

FS=<from_service>&TS=<to_service>&IF=<outbound_interface>&NS=<interface_namespace>


older releases

http://<host>:<j2eeport>/AS2HttpAdapter/servlet/AS2AdapterFacade?

FS=<from_service>&TS=<to_service>&IF=<outbound_interface>&NS=<interface_namespace>


for our case we have

http://<host>:<j2eeport>/AS2HttpAdapter/AS2AdapterFacade?

FS=mendelson_AS2_Service&TS=TPI_AS2_Service&IF=CustomerOrder_out

&NS=http://cbsgmbh.com/pi/PA/TRN/LGCY01/SalesOrderCycle/KMO/10

/wp-content/uploads/2012/09/16_136933.jpg

At the moment the OPI2 AS2 Adapter supports only synchronous MDNs. We request a signed MDN.

The values of the other tabs can be kept on default.

5. Configuration of PI

For both Scenarios

Create a Party and a Business Component for both mendelson and PI. Choose the Service Interfaces you want to use.

Party

/wp-content/uploads/2012/09/17_136934.jpg

/wp-content/uploads/2012/09/18_136935.jpg

Remark: The values under Agency and Scheme are fix. Notice that for the key “AS2  ZZZ 117” there are two subsequent spaces in each case.

Business Component

/wp-content/uploads/2012/09/19_136936.jpg

/wp-content/uploads/2012/09/20_136938.jpg

Scenario 1 (mendelson to PI)

/wp-content/uploads/2012/09/21_136939.jpg

/wp-content/uploads/2012/09/22_136943.jpg

When you create the Integrated Configuration you have to maintain a Virtual Receiver because the AS2 message has the attributes To-Party and To-Service when it enters PI. (To-Service is specified in the Receipt URL of the mendelson partner configuration)

/wp-content/uploads/2012/09/23_136944.jpg

OPI2 AS2 Sender Channel (with keys and certificates)

Scenario 2 (PI to mendelson)

/wp-content/uploads/2012/09/24_136945.jpg

After sending the AS2 message to mendelson the MDN of mendelson is transformed to an asynchronous message using the Module “Response Oneway Bean” in the OPI2 AS2 receiver channel. This asynchronous message is processed by a second Integrated Configuration, which must use the receiver interface of the AS2 message to mendelson as sender interface. (Remark: since this is an inbound Interface, you cannot choose it using the value help. You have to type the name.) The SOAP sender channel we use is just a dummy to enable the creation of the Integrated Configuration.

Integrated Configuration for the message of PI to mendelson

/wp-content/uploads/2012/09/25_136949.jpg

Here we don’t need a Virtual Receiver.

Remark: For this scenario (AS2 inbound message / receiver channel) you can alternatively set the message header (sender party, sender component, receiver party, receiver component) in the tab Outbound Processing. You have to work this way if the real sender component of the message is not assigned to a party.

/wp-content/uploads/2012/09/26_136950.jpg

Integrated Configuration for the MDN of mendelson to PI

/wp-content/uploads/2012/09/27_136951.jpg

We need a Virtual Receiver again because the asynchronous message we get back after processing by the Response Oneway Bean has the attributes To-Party and To-Service.

OPI2 AS2 Receiver Channel (with keys and certificates)

/wp-content/uploads/2012/09/28_136952.jpg

Module Configuration of the OPI2 AS2 Receiver Channel

/wp-content/uploads/2012/09/29_136953.jpg

6. Sending Test Messages

mendelson to PI

Start the mendelson AS2 server, choose File -> Send file to partner and choose the sender, the receiver and the file you want to send.

/wp-content/uploads/2012/09/30_136954.jpg

After pushing Ok you should get the information that the message is successfully encrypted, signed and sent to the receiver and that a MDN is received successfully.

/wp-content/uploads/2012/09/31_136955.jpg

Also have a look at the message in Communication Channel Monitoring and Message Monitoring.

PI to mendelson

Put the file you want to send in the source directory of your file sender channel. As soon as the file is processed by PI you should see some informations in mendelson telling you that the message is successfully received and decrypted, the signature is verified successfully and a MDN is sent back synchrounously.

/wp-content/uploads/2012/09/32_136956.jpg

Also check in Message Monitoring that the MDN is successfully received and processed by PI.

/wp-content/uploads/2012/09/33_136957.jpg

To report this post you need to login first.

6 Comments

You must be Logged on to comment or reply to a post.

  1. Mariana Mihaylova

    Thanks for this how-to Karsten.

    Just a quick note, a PDF version of every SCN document can be seen by using the “View as PDF” or just add “.pdf” at the end of the url

    Cheers,

    Mariana

    (0) 
  2. raja sekhar modu

    Hi Karsten,

    nice and informative blog about OPI2, one of my client required this OPI2 for EDIFACT files can you please post the documentation how to install and how to deploy of OPI2 adapter and Edifact Conversion Module step by step process in PI. It would be helpful to me while implementation.

    Thanks in Advance.

    Regards,

    Raja

    (0) 
      1. raja sekhar modu

        Hi Holger,

        Thanks alot for quick response, i downloaded documents from sourceforge but i am so confused with that,i need step by step process like how to install and integrate opi2 adapter with PI 7.3. if you have implement on opi2 please guide me or post some documents related to OPI. Accordingly need to inform to my Basis Team, we all new to this OPI2 adapter.

        Regards,

        Raja

        (0) 

Leave a Reply