Skip to Content
Author's profile photo Piyush Gakhar

SP3 Released: B2B Add-On and Secure Connectivity Add-On

SAP has released SP3 for B2B Add-On & SFTP-PGP Add-On and lot of new enhancements are delivered.

Summary of previous SPs:

Major SP3 enhancements includes:

  • Secure PGP Key Storage and Multiple Directory support for SFTP Adapter
  • Alerts for  SLA violation and negative acknowledgments
  • AS2 attachment support, Log Viewer and Certificate based client Authentication
  • TPM- SLA Definition, Parter Active/Inactive Mode,Usability enhancements
  • EDI Content Manager and NRO enhancements

Important Documentation

  • Configuration guides (Application Help) is now available at
  • Installation/Master/EDI Content/Security guides are available at folowing location on Service Market Place
  • 1695520 : SMP Download location of Business to Business Add-On
  • 1695522 : Compatibility matrix : Supported Process Integration releases

Let us have a look on the below information to find out “What is new”.

AS2 Adapter

AS2 log Viewer

A new AS2 Log Viewer is provided in EDI Content Manager. It helps to view the errorneous cases (Negative MDNs, Wraning MDNs, HTTP 403 etc.) for both AS2 sender and receiver channels. Even in case if no XI Message gets generated (on sender AS2 channel) due to some error, AS2 Log Viewer shows the details of all errorneous incoming AS2 requests To PI.

AS2 certificate based client authentication

AS2 adapter now supports certificate based client authentication on receiver channel. On sender channel, it was already supported.

AS2 attachments

AS2 adapter supports multipart attachments on both sender and receiver channel. Incoming AS2 attachments can be now be processed as attachments to XI message and on the oubound side, attached XI message attachments can be sent to partner via AS2 receiver channel.

AS2 Alerts for Negative MDNs

Alerts can be configured for AS2 negative MDNs using standard PI Alerting framework

Trading Partner Management

SLA Definition

SLA can be defined in minutes for functional acknowledgments (both incoming and outgoing-EDIFACT, EANCOM and X12) . Alerts can be defined for violated SLAs using standard PI Alerting framework.

Parter Inactive/Active

Partner can be defined in Active or Inactive state. If a parter is inactive, messages in PI will not get processed and will be in error state. A new module need to be added either on sender or receiver channels. If it is added on sender channel and partner is inactive, it will result in a ,message loss and no XI message will get created. If it is added on receiver channel and partner is inactive, message will be in PI but in error state.


Lot of Usability enhancements were done and some were downnported to SP2 as well. It includes:


  • Enables Partner Profile parameters for monitoring (Local and Message Flow Monitor)
  • TPM Content Access module provides an encoding module parameter (edi.encoding) in case incoming EDI message cannot be recognized with the default encoding.
  • The enable.ediAckProfile parameter defined in TPM Content Access module provides inputs to EDI separator adapter. By default, the value is false.


VDA messages and partner details can also be defined in TPM.

NRO for Functional Acknowledgements

For a given partner, NRO can be defined and used for generating interchange no. of a functional acknowledgement. By default, generated acknowledgement uses the same interchange no. as of incoming document.

EDI Separator:

X12 Group Based Splitting

EDI Separator receiver channel can now split X12  batch messages based on different groups. Default behaviour is to split messages on each transaction set. EDI Separator sender channel is also enabled to receiver Group based splitted X12 messages. This option is also provided in TPM.

Ack Logging

Earlier, EDI Separator receiver channel used to log the different status for monitoring functional acknowledgements (eg. Required, Generated and Sent). Now the behaviour is changed and it will not log the final “Sent” status as acknowledgement is sent to partner using another ICO. A new module is provided that need s to be added on receiver channel of other ICO and it will log the final status “Sent” for monitoring based on successful XI message delivery.

NRO for Functional Acknowledgements

NRO can be defined and used for generating interchange no. of a functional acknowledgement. By default, ack uses the same interchange no. of incoming document.


EDI Seperator receiver channel can use the encoding for reading and splitting the incoming document based on agreements definition in Trading Partner management.

EDI Content Manager

Test Conversion

Test Conversion screen is made easy and end user has to only select the Control Key instead of Control Key scenario association table enteries. But still, user has to enter values in Control key Scenario association Table for runtime usage if TPM is not getting configured for Control Keys

Create Message (Renaming)

If your message definition is similar to any of the existing messages and you just want to rename an existing message instead of creating a new from scratch, Renaming option can be used.

New Message Types for Tradacoms and Odette

A lot of new messages have been introduced for Odette and Tradacoms. Please refer EDI Content guide

VDA Module

Monitoring and search is enabled for sender, receiver and Transmission no.

Archiver Module

File Name and Directory Name

File Path and Directory name can be set from environmental variables

File Name and Directory name can include variables present in message headers (eg. Trading partner Name, interchange no. etc.)

SFTP Adapter

Multiple Directory Support

Multiple directory support and exclude mask functionality has been added (same as File Adapter)

PGP Module

Secure Keys Storage

Secure Connectivity add-on supports secure storage of storing and retrieval of PGP keys. After storing the keys, module parameters in PGP module can be configured to access the keys from secure storage. This secure storage UI can be accessed from a predefined URL or from the B2B Intgeration Cockpit.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Thomas Muhler
      Thomas Muhler

      Hello Piyush,

      is there any update for the matrix in sap note 1695522 available (SP03 is missing in the note)?



      Author's profile photo Piyush Gakhar
      Piyush Gakhar
      Blog Post Author

      Hello Thomas,

      SP3 information in SAP note has been added now. There is no difference wrt. underlying PI releases for SP2/SP3.



      Author's profile photo Karin Paul
      Karin Paul

      Hello Piyush,

      did you already try the PGP secure key storage?

      The secure key storage is no more mentioned in the release notes and also the documentation seems not to be complete - but it is possible to start the key store.

      I uploaded a keyring. Now I try to use the encryption module. I use "useSecureStore" = True, and try to set the parameter "partnerPublicKey" but in the secure key storage I cannot see any key name, there is only the name of the keyring.

      If you already used it, can you describe how I have to configure it?



      Author's profile photo Vishnu Prasad K
      Vishnu Prasad K

      Hi Karin,

      You can upload the key and name it as you wish (leave it blank and it will use the file name). You have to provide the same name in the module. The Secure Store is the same as the file system but instead of storing the key in the file system we store it in the Secure Store and read the key contents.

      Please provide a screenshot of the error/issue if my comments where not helpful.



      Author's profile photo Karin Paul
      Karin Paul

      Hello Vishnu,

      thanks for the information. I tried to use key rings. When using keys, it works.

      One more question: where are the keys saved? Is it also in the folder: usr/sap/<systemID>/<Instance ID>/sec? Is it the file SAPSSLS.pse?

      We have a very strange error: after a system restart we have lost our keys (first restart) or get an older version of the key store entries (2nd restart) ...



      Author's profile photo Vishnu Prasad K
      Vishnu Prasad K

      Hi Karin,

      The key is stored in an encoded manner, I'm not sure about the location in the file system.

      The keys under PGP Secure store are lost/corrupt? Is it happening for every restart? Could you take a note of the properties of the key shown in the SecureStore UI and compare when you encounter the issue?


      Author's profile photo Former Member
      Former Member

      Hi Piyush,

      Could you provide heads up on the activities we need to take care while upgrading from SP01 to SP02 and SP02 to SP03 with respect to functionality and Technicalities.


      Author's profile photo Former Member
      Former Member

      Hi Piyush,

      Modules defined for SLA violations feature from TPM are used only in EDI separator adapters?

      Can we use this modules in any other adapters for e.g; SAP to Partner scenario.



      Author's profile photo Saurabh Kumbhare
      Saurabh Kumbhare

      Hi Piyush,

      In the section Parter Inactive/Active you have mentioned :

      "A new module need to be added either on sender or receiver channels"

      Can you please help which is this modul? Is it TPMContentAccessModule ?

      Thanks in advance.



      Author's profile photo Former Member
      Former Member

      It seems that the "PGP Secure Store" technically boils down to just being a file on the file system (i.e. a psf-file with multiple keys inside instead of having separate .asc and .pub files). In this regard I have three questions:

      1) Is there an official/supported API to manage the psf-file or is it only managed via web UI in the cockpit?

      2) What extra level of security does a psf-file add (as opposed to having asc-files directly on the file system protected by OS)?

      3) Are there any plans to support storing PGP keys in the NetWeaver key store instead (centrally managed together with all other keys)?

      Author's profile photo Jens Schwendemann
      Jens Schwendemann

      Hi Michel, Hi all.

      trying to configure mentioned PGP Secure Store. What I currently don't get is this: In Configuring the Encryption PGP Module - SAP Process Integration, secure connectivity add-on Configuration - SAP Library the helpfile talks about pwdOwnPrivateKey. But uploading the secret key to the PGP Secure Store did not ask about such a password.

      I'm by no means an expert in this area and mainly followed this link to create myself a keypair Of course, within that process I specified a passphrase for the key (for the extra signing key, to be precise).

      So when I then export the key via gpg -a --output C:\Temp\private_sign.asc --export-secret-keys <Signing KeyID> it would of course ask for the passphrase. But will the exported *.asc file still have that passphrase information or did I do something terribly wrong along the way 🙂