In this blog, we shall see the steps to test the connectivity when communicating to SAP Cloud Platform Integration (f.k.a HCI). This blog is part of the series on Understanding Authentication & Testing Connectivity in SAP Cloud Platform Integration. You can access all the blogs here.
Let us assume the following scenario:
You have an SAP ERP system want to test whether SAP Cloud Platform Integration is reachable from SAP ERP. Before, we start on the SAP ERP system – let us test from a Web browser.
Testing from a Web Browser
I would propose to test first from a browser because it is the best way to understand what to expect in connectivity from SAP Cloud Platform Integration. These are the steps:
Prerequisite: You have an SCN user that has the role to communicate with SAP Cloud Platform Integration.
Step 1: Create a simple integration flow (SOAP – to – SOAP). Deploy the integration flow, and obtain its endpoint URL
You need not provide any WSDL for the sender SOAP endpoint. And ensure that you have selected Basic Authentication in the Sender.
Note the endpoint that has been created for the integration flow. We need this in our next step.
Step 2: Open a Web browser and enter the endpoint URL
When asked about the authentication, provide the SCN username and password that has been authorized against this tenant. Also, the role to access via basic authentication must be granted to this user.
Important Point to Note: Only HTTPs-based communication is possible with SAP Cloud Platform Integration. This means when I am sending a request from the Web browser, SAP Cloud Platform Integration presents itself with its certificates. It is important for the client (Web browser) to recognize these certificates. Therefore, the certificate store of the Web browser must have certificate chain of SAP Cloud Platform Integration.
Let’s take an example to understand this better. Let’s say I am using Google chrome Web browser to connect to SAP Cloud Platform Integration. When you enter the URL in the browser, you can navigate and check the certificate chain of the SAP Cloud Platform Integration instance. The Web browser must contain the certificate chain of SAP Cloud Platform Integration. Else, it cannot establish a trusted connection. See screenshots below:
Step 3: Check the Message Monitoring Log
If the connectivity is fine, then a message shall be sent to the integration flow. And it shall be visible in the message monitoring log.
Testing from an SAP ERP system
In principle, testing from an SAP ERP system is similar to testing from a browser.
It is easy to test via an HTTP destination created using the transaction SM 59.
- Create an HTTP destination in SM 59.
- Enter the endpoint URL of the integration flow.
- Since ERP is sending the data to SAP Cloud Platform Integration, the ERP system acts as a client. So, the ERP system must recognize the certificate chain of SAP Cloud Platform Integration (if the CA is not already included).
- In the SM 59 destination, you can provide the credentials to connect to SAP Cloud Platform Integration. Try with basic authentication first, and then using certificates.
- Remember to configure the sender components in integration flows accordingly. This can be done in the STRUST transaction of SAP ERP. Select the SSL Client SSL Client (Standard) certificate, export the certificate and save the file locally as .CER. Import this into the sender component of SAP Cloud Platform Integration.
Few screenshots of the procedure described is shown below:
We have taken a simplified setup to explain the connectivity tests. Our experiences with customer implementations show that most landscapes look like this below. Nevertheless, the concepts explained remain the same. And you must configure the Web dispatcher to speak to SAP Cloud Platform Integration. Further, keep a lookout for network filters and firewalls. They could block the calls to the integration instance.