Why this blog?
I initially created part I of this blog just to share the easiness of the Mendelson AS2 software.
Now, it seems to be that some people struggled with the setup of sender and receiver AS2 adapters, in conjunction with the Mendelson software.
In this blog I will try to highlight configuration details for both the sender and receiver adapter as well as for the Mendelson software.
In case you feel parts are missing, please give me a sign and I will add it to this blog.
Configuration
Mendelson AS2
After the installation of Mendelson, I deleted the keystore content and filled it again with keys and certificates having proper names. Also, the SAP NetWeaver Administrator keystore was filled with the proper keys and certificates.
Next step is creating partners: one for regular use and one for encrypted message exchange.
Please note that there should be one partner serving as a local station, meaning the sender of AS2 messages.
Sender AS2 adapter
The most important parameters are:
I also used the adapter module localejbs/EdifactConverterModule because an incoming EDI file must be converted into XML.
Therefore you need to have the new B2B add-on for SAP PI/PO properly installed.
Receiver AS2 adapter
In this particular case, messages will be send to Mendelson. Therefore, some parameters could have unexpected values. Please note that for other receivers, this can be completely different.
The most important parameters are:
You can monitor messages being send to Mendelson using URL http://testas2.mendelson-e-c.com:8080/webas2/ . Username and password is guest.
Hi Dimitri,
Have you tried using 3DES as Message Encryption Algorithm for Partner Configuration in Mendelson AS2 Software?. When I send message from Mendelson to PI using 3DES, i am getting below error in PI and Mendelson.
MDN state is [processed/error: decryption-failed].
Details of MDN received from remote AS2 server: Cannot decrypt message
Does this mean that PI does not use 3DES as Encryption Algorithm for the certificates generated in PI?
Thanks & Regards,
Srikanth
Hi Srikanth,
If I'm not mistaken, this is a requirement from Mendelson.
Please have a look at their website. You must comply to specific rules before messages will be accepted at their side.
Kind regards,
Dimitri
Hi Dmitri, could you specify a good blog that we can use in uploading the certificate, generating keys, etc in order to configure the signing and encrypting both in Mendelson and SAP PI? Thanks
Hi,
There is nothing specific on the Mendelson software. Just generate your keys and import them into your PI system. Take a look on SCN, you will find numerous blogs and documents on this topic.
Kind regards,
Dimitri
Hi Dimitri,
Thanks a lot for a detailed blog on using the AS2 software to integrate with PI.
I am working on a similar requirement and am using the Mendelson AS2 1.1 software. I am initially trying to configure a No Encryption and No Signature scenario to transmit Edifact Orders data. I followed the above steps for no encrption with below receipt URL:
http://<host>:<port>/AS2/
As mentioned above, I have not ticked the http authentication since I am not encrypting data.
In PI, I have given the AS2 sender parameters as suggested above.
When I try sending data, I get below error:
Transmission failed, remote AS2 server reports "Unauthorized". HTTP 401.
I as well tried ticking the HTTP authentication and have given PI login credentials but no luck. Please assist how to fix this issue. What type of user needs to be created for transmitting http data in PI.
Appreciate your assistance.
Thanks a lot.
Vish
Hi Vish,
Download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy. If not, problems will arise concerning signing of messages on the SAP PO server.
Files local_policy.jar and US_export_policy.jar must be overwritten on the SAP PO host and on the machine where MendelsonAS2 is running.
URL to download: http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
Concerning specific roles, I added these ones to my user:
Also, make sure the users PIAF<SAPSID>, PIDIR<SAPSID> and PIIS<SAPSID> are added to the Administrators group and they have role SAP_XI_ADMINISTRATOR_J2EE assigned.
Kind regards,
Dimitri
PS: I will try to write a 3rd part of this blog concerning certificates and signing
Hi Dimitri,
Thanks a lot for the assistance. After adding the above roles, I am able to transmit data from Mendelson AS2 to PI though without Encryption and Signature etc. Now I need to extend this scenario with Encryption and Signatures etc.
Thanks a lot for the guidance all through. Will reach out for help if I am held up in the next steps.
Regards,
Vish
Hi Vish,
In the meantime, I wrote a 3rd part of the blog, as promised.
You can find it here: http://scn.sap.com/community/b2b-integration/blog/2013/10/29/easy-to-use-as2-software--part-iii
Kind regards
Dimitri
Dimitri,
Thanks for the blog...this has been really helpful in understanding some of the capabilities and configuration options. We are trying to test a scenario where we are sharing one AS2 sender channel in several integrated configurations in PO. The client wants to sue one sender channel for all the inbound interfaces into SAP from the EDI partner. Therefore, we are using the sender trinity (sender system, interface name, and namespace) as parameters of the URL (as shown in this blog) when sending the messages. Below are the URLs we are using:
For PO Acknowledgement
http://<host>:52000/AS2/GXS/POAck?FS=TestSys&IF=PurchaseOrderERPRequest_Out_V1&NS=http://sap.com/xi/APPL/Global2
For Transportation Confirmation
http://<host>:52000/AS2/GXS/TranspConf?FS=TestSys&IF=TransportationOrderConfirmation_Out&NS=http://sap.com/xi/TMS/Global
We are testing using the Mendelson test client and are currently not using encryption or signature. The transactions return a successful MDN back to Mendelson but within PI they always get routed to the same integrated configuration. This is not what we expected as the sender trinity information should determine which ICO gets invoked when PI receives the message, and this is not happening. Every time a message is received in PI, the message goes to the same ICO (the one for Purchase Order Acknowledgements). What we have observed is that the ICO that gets invoked is the last one that was activated and updated the cache.
Can you please help us understand the following:
1. It seems the sender trinity information in the URL is being ignored during the ICO determination. Is this a bug or is there some additional configuration that is needed for this to work? If this is not a bug, then what is the purpose of sending the sender trinity in the URL? Is this needed if messages are encrypted?
2. If the above does not work then how can we reuse an AS2 sender channel for receiving data of different interfaces? Is this possible?
Any help is greatly appreciated.
Hi John,
What do you want to achieve? Message routing to different receivers?
If yes, you can still use 1 generic sender AS2 adapter, but you need to add conditions in the receiver step. In that way, messages can be moved to different receivers using different mappings.
Kind regards,
Dimitri
Hi Dimitri,
How can I trigger a message from mendellson to my SAP PI.I have created the partner profile as per you suggestion.Is there anyway to monitor the messaged being sent from Mendellson.
Is there any trigger message option in the tool?
Regards
Advit Ramesh.
Hi,
I downloaded and installed Mendelson AS2 software on my laptop to be the trigger of the process. Have a look at mendelson AS2 solution for more details
Kind regards,
Dimitri
Hi Dimitri,
Thanks for the blog. Configured the Mendelson tool and AS2 as described above steps. But when testing the Inbound PO processing scenario via this tool, i.e sender as Mendelson and receiver as PI 7.31 we are getting error in the tool as below
"MessageHTTPUploader.performUpload: [SSLHandshakeException]: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
It says that the handshake failed, but not sure what configuration we are missing in the tool or AS2 level.. or issues with certification. could you please help me on this? thanks much for helping me out..
Thanks,
Amudha
Hi Amudha,
We are facing a similar issue when we tried to test our AS2 connection with mendelson and our partner is facing similar issue.
Did you resolve this? May i know what is done to overcome this issue?
Thanks,
Vishnu Sangati
Hi all;
I realize this is an old blog, but I have the same error: “MessageHTTPUploader.performUpload: [SSLHandshakeException]: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”
If we define HTTP in the "Receipt URL" (of Mendelson tool) of my Partner (our SAP PO DEV system) everything works as expected (for many years).
But we want all traffic to SAP PO via HTTPS. When I change the in the "Receipt URL" HTTP to HTTPs (and the port) then we get the error mentioned.
I have imported the root and intermediate certificate of our SAP PO in the key store of Mendelson, but the issue did not dis-appear.
Wilbert