Why this blog?


I initially created part I of this blog just to share the easiness of the Mendelson AS2 software.
Now, it seems to be that some people struggled with the setup of sender and receiver AS2 adapters, in conjunction with the Mendelson software.

In this blog I will try to highlight configuration details for both the sender and receiver adapter as well as for the Mendelson software. 

In case you feel parts are missing, please give me a sign and I will add it to this blog.

Configuration

Mendelson AS2


After the installation of Mendelson, I deleted the keystore content and filled it again with keys and certificates having proper names. Also, the SAP NetWeaver Administrator keystore was filled with the proper keys and certificates.

Next step is creating partners: one for regular use and one for encrypted message exchange.TAB1.jpg

Please note that there should be one partner serving as a local station, meaning the sender of AS2 messages.

FOTO1.jpg

Sender AS2 adapter

The most important parameters are:

TAB2.jpg

I also used the adapter module localejbs/EdifactConverterModule because an incoming EDI file must be converted into XML.

Therefore you need to have the new B2B add-on for SAP PI/PO properly installed.

Receiver AS2 adapter


In this particular case, messages will be send to Mendelson. Therefore, some parameters could have unexpected values. Please note that for other receivers, this can be completely different.

The most important parameters are:

TAB3.jpg

You can monitor messages being send to Mendelson using URL http://testas2.mendelson-e-c.com:8080/webas2/ . Username and password is guest.

FOTO2.jpg

To report this post you need to login first.

14 Comments

You must be Logged on to comment or reply to a post.

  1. Srikanth Janumpally

    Hi Dimitri,

         Have you tried using 3DES as Message Encryption Algorithm for Partner Configuration in Mendelson AS2 Software?. When I send message from Mendelson to PI using 3DES, i am getting below error in PI and Mendelson.

    MDN state is [processed/error: decryption-failed].

    Details of MDN received from remote AS2 server: Cannot decrypt message

    Does this mean that PI does not use 3DES as Encryption Algorithm for the certificates generated in PI?

    Thanks & Regards,

    Srikanth

    (0) 
    1. Dimitri Sannen Post author

      Hi Srikanth,

      If I’m not mistaken, this is a requirement from Mendelson.

      Please have a look at their website. You must comply to specific rules before messages will be accepted at their side.

      Kind regards,

      Dimitri

      (0) 
      1. Roni Sto. Domingo

        Hi Dmitri, could you specify a good blog that we can use in uploading the certificate, generating keys, etc in order to configure the signing and encrypting both in Mendelson and SAP PI? Thanks

        (0) 
        1. Dimitri Sannen Post author

          Hi,

          There is nothing specific on the Mendelson software. Just generate your keys and import them into your PI system. Take a look on SCN, you will find numerous blogs and documents on this topic.

          Kind regards,

          Dimitri

          (0) 
  2. Vishwanath D

    Hi Dimitri,

    Thanks a lot for a detailed blog on using the AS2 software to integrate with PI.

    I am working on a similar requirement and am using the Mendelson AS2 1.1 software. I am initially trying to configure a No Encryption and No Signature scenario to transmit Edifact Orders data. I followed the above steps for no encrption with below receipt URL:

    http://<host&gt;:<port>/AS2/

    As mentioned above, I have not ticked the http authentication since I am not encrypting data.

    In PI, I have given the AS2 sender parameters as suggested above.

    When I try sending data, I get below error:

    Transmission failed, remote AS2 server reports “Unauthorized”. HTTP 401.

    I as well tried ticking the HTTP authentication and have given PI login credentials but no luck. Please assist how to fix this issue. What type of user needs to be created for transmitting http data in PI.

    Appreciate your assistance.

    Thanks a lot.

    Vish

    (0) 
    1. Dimitri Sannen Post author

      Hi Vish,

      Download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy. If not, problems will arise concerning signing of messages on the SAP PO server.

      Files local_policy.jar and US_export_policy.jar must be overwritten on the SAP PO host and on the machine where MendelsonAS2 is running.

      URL to download: http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html

      Concerning specific roles, I added these ones to my user:

      • SAP_XI_B2B_CONFIGURATOR_J2EE
      • SAP_XI_B2B_ADMINISTRATOR_J2EE

      Also, make sure the users PIAF<SAPSID>, PIDIR<SAPSID> and PIIS<SAPSID> are added to the Administrators group and they have role SAP_XI_ADMINISTRATOR_J2EE assigned.

      Kind regards,

      Dimitri

      PS: I will try to write a 3rd part of this blog concerning certificates and signing

      (0) 
      1. Vishwanath D

        Hi Dimitri,

        Thanks a lot for the assistance. After adding the above roles, I am able to transmit data from Mendelson AS2 to PI though without Encryption and Signature etc. Now I need to extend this scenario with Encryption and Signatures etc.

        Thanks a lot for the guidance all through. Will reach out for help if I am held up in the next steps.

        Regards,

        Vish

        (0) 
  3. John Maldonado

    Dimitri,

    Thanks for the blog…this has been really helpful in understanding some of the capabilities and configuration options.  We are trying to test a scenario where we are sharing one AS2 sender channel in several integrated configurations in PO.  The client wants to sue one sender channel for all the inbound interfaces into SAP from the EDI partner.  Therefore, we are using the sender trinity (sender system, interface name, and namespace) as parameters of the URL (as shown in this blog) when sending the messages.  Below are the URLs we are using:

    For PO Acknowledgement

    http://<host>:52000/AS2/GXS/POAck?FS=TestSys&IF=PurchaseOrderERPRequest_Out_V1&NS=http://sap.com/xi/APPL/Global2

    For Transportation Confirmation

    http://<host&gt;:52000/AS2/GXS/TranspConf?FS=TestSys&IF=TransportationOrderConfirmation_Out&NS=http://sap.com/xi/TMS/Global

    We are testing using the Mendelson test client and are currently not using encryption or signature.  The transactions return a successful MDN back to Mendelson but within PI they always get routed to the same integrated configuration.  This is not what we expected as the sender trinity information should determine which ICO gets invoked when PI receives the message, and this is not happening.  Every time a message is received in PI, the message goes to the same ICO (the one for Purchase Order Acknowledgements).  What we have observed is that the ICO that gets invoked is the last one that was activated and updated the cache.

    Can you please help us understand the following:

    1. It seems the sender trinity information in the URL is being ignored during the ICO determination.  Is this a bug or is there some additional configuration that is needed for this to work?  If this is not a bug, then what is the purpose of sending the sender trinity in the URL?  Is this needed if messages are encrypted?

    2. If the above does not work then how can we reuse an AS2 sender channel for receiving data of different interfaces?  Is this possible?

    Any help is greatly appreciated.

    (0) 
    1. Dimitri Sannen Post author

      Hi John,

      What do you want to achieve? Message routing to different receivers?

      If yes, you can still use 1 generic sender AS2 adapter, but you need to add conditions in the receiver step. In that way, messages can be moved to different receivers using different mappings.

      Kind regards,

      Dimitri

      (0) 
  4. Advit Ramesh

    Hi Dimitri,

    How can I trigger a message from mendellson to my SAP PI.I have created the partner profile as per you suggestion.Is there anyway to monitor the messaged being sent from Mendellson.

    Is there any trigger message option in the tool?

    Regards

    Advit Ramesh.

    (0) 
  5. Amudha Ram

    Hi Dimitri,

    Thanks for the blog. Configured the Mendelson tool and AS2 as described above steps. But when testing the Inbound PO processing scenario via this tool, i.e sender as Mendelson and receiver as PI 7.31 we are getting error in the tool as below

    “MessageHTTPUploader.performUpload: [SSLHandshakeException]: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”

    It says that the handshake failed, but not sure what configuration we are missing in the tool or AS2 level.. or issues with certification. could you please help me on this? thanks much for helping me out..

    Thanks,
    Amudha

    (0) 
    1. Vishnu Reddy Sangati

      Hi Amudha,

      We are facing a similar issue when we tried to test our AS2 connection with mendelson and our partner is facing similar issue.

      Did you resolve this? May i know what is done to overcome this issue?

      Thanks,

      Vishnu Sangati

      (0) 

Leave a Reply