Applies to:


SAP Hybris Marketing:  For more information, visit https://help.sap.com/mkt


Summary:  This article explains SAP Hybris Marketing integration with AWS-SES which is used for email campaigns , newsletter and utilizes AWS-SES various features : such avoid SPAMs, Bounce, complaints etc


Authors: Akhilendra Pratap Singh


Company: Mindtree Bangalore

Created on: 15/06/2016


Author Bio


ApsinghJan012016.jpg

Akhilendra Pratap Singh is working as Sr. Functional Consultant at Mindtree Bangalore and has expertise in the areas of SAP SD, SAP CRM, SAP C4C and SAP Hybris Marketing . He is SAP SD and CRM Certified professional with around 16.5 years of experience.

Introduction:

SAP Hybris Marketing (1602 onwards) supports two email Service providers for Email Campaign management, namely: AWS-SES and SAP Mobile Service for Email. This paper will cover end to end integration of SAP Hybris Marketing with AWS- SES and is based on SAP Hybris Marketing 1511.


In order to set up the AWS- SES  email service provider, you will have to do configurations in:

  • SAP  Hybris Marketing Customizing
  • Amazon service for emails, notifications and queues and
  • Amazon Web Service Account for the Simple Email Service (SES) using http (not smtp)

STEPS:

  1. You have created an AWS account or has been setup by your BASIS team and you are provided with Login Id and Password.
  2. Login to https://console.aws.amazon.com with your credentials and configure a verified sender email address. You will need this when you define a sender profile later on.

     /wp-content/uploads/2016/06/2_1_976653.png

     3. For the verified sender email address, edit the Notification Configuration and create a new Amazon SNS topic, eg  bounces and complaints. Give the new topic the same name as the feedback queue. For example : AMAZON_BOUNCE

/wp-content/uploads/2016/06/3_1_975720.png

/wp-content/uploads/2016/06/3_2_976654.png


/wp-content/uploads/2016/06/3_3_975722.png

/wp-content/uploads/2016/06/3_4_975723.png


4.. In the Sender Notification Configuration, assign the SNS topic and disable Email Feedback Forwarding.

/wp-content/uploads/2016/06/4_975725.png

After Saving the config  ARN will be generated as shown below:


/wp-content/uploads/2016/06/4_1_1_976637.png

5. In the SQS console, create a new queue with the same name you gave the feedback queue in technical configuration.

/wp-content/uploads/2016/06/5_1_975727.png

/wp-content/uploads/2016/06/5_2_976638.png

6. Subscribe to new queue to the SNS topic you created earlier.

   Go to your AWS -SES Account and click on Security Credentials

/wp-content/uploads/2016/06/6_976639.png

/wp-content/uploads/2016/06/6_2_975733.png

Now you should create an IAM Users required to send or used in Sender Profile. It’s advisable to use IAM users to send emails as you can control the permissions/ authorizations.

  • Steps  to create an IAM User

/wp-content/uploads/2016/06/6_3_975740.png

  • Enter the user Names and Click the check box to “Generate an access key for each users” and then click on create ,as shown below:


/wp-content/uploads/2016/06/6_4_975741.png


  • Security Credentials Created for IAM Users.

/wp-content/uploads/2016/06/6_5_975742.png

7. Now You have set an account up at Amazon AWS-SES and received  following parameters during account set-up:

  • Amazon Access Key ID (hash string)
  • Secret Access Key (hash string)
  • Feedback Queue Path : see below for details

          The Feedback Queue Path is the last individual portion of the queue URL at Amazon.


          For example, the path fromhttps://sqs.eu-west-1.amazonaws.com/NNNNNNNNNNNN/ABC is /NNNNNNNNNNNN/ABC.


      https://sqs.eu-west-1.amazonaws.com/NNNNNNNNNNNN/ABC    is   /NNNNNNNNNNNN/ABC.

Identify Feedback Queue Path for you Hybris Mkt System :

“/0XXXXXXXXXXX/AMAZON_BOUNCE”


/wp-content/uploads/2016/06/7_1_1_976649.png


8. Set up a Group so that you can assign Policies to Users. For Example “Administrator” and assign all the admin policies.

/wp-content/uploads/2016/06/8_1_975759.png


9. Select from the  Policies to attach it to  Group Created in above step and click next.


/wp-content/uploads/2016/06/9_1_975764.png


10. Assign Users to the Group

/wp-content/uploads/2016/06/10_1_975765.png

/wp-content/uploads/2016/06/10_2_975766.png

Steps for AWS-SES  HTTPS RFC connection setup  and  Download X.509 certificate for STRUST (SSL Certificates)


Introduction:

Following steps needs to be setup in SAP Hybris

  • Import Amazon SES SSL Certificates in the Trust Store
  • Download SSL Certificates for your AMAZON SES target host (you can download the SSL certificate by opening the target host URL in your internet browser and downloading the SSL certificate)
  • Import the certificate into the PSE as described in Creating the Anonymous SSL Client PSE. You find this topic under help.sap.comTechnologySAP NetWeaver PlatformSAP NetWeaver 7.0Application HelpFunction-Oriented ViewSecurityNetwork and Transport Layer
  • SecurityTransport Layer Security on the AS ABAPConfiguring the SAP Web AS for Supporting SSLCreating the Anonymous SSL Client PSE.
  • Set SSL to Active for RFC destinations AMAZONMAIL, AMAZONBOUNCE.
  • Select the certificate list to which you uploaded the certificates.
  • Test the AMAZONMAIL RFC destination. If you receive an HTTP response code 404, then the set up is correct


Follow the below steps to Download Certificates and apply to  Hybris Mkt system


1.  Open URL: https://email.us-east-1.amazonaws.com/ in Chrome and  Open developer tools , as shown below:

/wp-content/uploads/2016/06/11_1_975791.png

2. Navigate to Security tab.

/wp-content/uploads/2016/06/12_1_976652.png

3. Choose ‘view certificate’ and save the certificate locally:


/wp-content/uploads/2016/06/13_1_976650.png


4.Store it as Base-64 file:


/wp-content/uploads/2016/06/14_1_975810.png


5. Login in to Hybris Mkt System and Import the certificate in Strust:  ( tcode: strust)

/wp-content/uploads/2016/06/15_976651.png


6. Setup RFC connection: ( Tcode: SM59)


/wp-content/uploads/2016/06/16_1_975818.png

Check the Security options in Logon and Security TAB, it should be “ Anonymous SSL..”

/wp-content/uploads/2016/06/16_2_975823.png


7. Perform the connection test and you should get HTTP response 404, which confirms connectivity to Amazon Server has been established and now you can send email/ execute email campaign .


/wp-content/uploads/2016/06/17_1_975824.png



  • To maintain / change Access key and Secret access key of IAM user in Hybris MKt

Tcode: ME_AMAZONXS

/wp-content/uploads/2016/06/18_975826.png

Note:

  • You would not like that all the Target Group members (Contacts) should receive emails when you execute an email campaign , while you are working on Development System, To avoid that :
      • You should maintain multiple  test email id,(Tcode: ME_WHITELIST) whichare verified in AWS- SES (if you are still in Sand Box)

References:

1) SAP Hybris Marketing Installation Guide1511

2) AWS Developers Guide

To report this post you need to login first.

15 Comments

You must be Logged on to comment or reply to a post.

  1. Frank Wittig

    Hello,

    Thank you very much for this great and very detailed description of the configuration process on AMAZON side ūüôā

    One important point for everything to work correctly here is the following:

    When configuring the notification configuration, the SNS topic should NOT be assigned to the Delivery option.

    For successful deliveries no topic should be assigned at all. Otherwise you will get errors in the application log during the bounce collection from AMAZON SQS. Only bounces and complaints should be assigned here.

    Best regards,

    Frank

    (0) 
  2. Bipin Pappachan
    Hello Akhilendra and All,
    I would like to thank you for this much detailed blog
    We have followed each and every step as you have listed in your blog
    However at the end, I’m getting the below attached error when I try to do the connection test in RFC Destination AMAZONEMAIL, it doesn’t give us 404 error but throws SSL handshake error 443.
    Just want some hints from you, if we have skipped some important steps or we are wrong some where.
    Your help here would be really appreciated.
    As we understood from your blog, to download the certificates

    As we understood from your blog, to download the certificates
    1) We opened below URL in chrome broswer :: https://email.eu-west-1.amazonaws.com/.
    When we open the site we get the below message . Is this right to get such a message ?

    The reason why we went for this URL is because in our console we got the URL and ARN as below, hence we changed the URL to https://email.eu-west-1.amazonaws.com/.
    Is this step which we did by opening the ” eu-west-1 ” url a correct one ?


    Is some certificate needs to be uploaded in AWS side as well ?

    Thanks

     

    (0) 
  3. Bipin Pappachan

    Thank you Akhilendra for your reply.

    While exporting the certificate from AWS website we selected the BASE-64 encoded X.509 format only.

    Unfortunately we still get the same SSL handshake error ? Do you think any steps we could have missed, from your post we have followed all the steps.

    We visited the site https://email.eu-west-1.amazonaws.com/.in our chrome browser and exported the certificate to our desktop. Later this was imported to STRUST under node SSL client SSL Anonymous

    When we opened this site in the browser we got the message <unknownoperationException/>, is this fine ?

    Can you give us some Hint.

    Thanking you for your help and guidance

    Regards

    Bipin

    (0) 
  4. Anthony Delcy

    Hi Bipin,

    I have followed the same instructions and I get the same error when I test the RFC. The only difference from your settings and mine is the region. I am using email.us-west-2.amazonaws.com and for the bounce queue I am using sqs.us-west-2.amazonaws.com and these information matches with my SQS queue from Amazon.

    Have you figured out the issue yet? If yes, could you share your finding please.

    Thank you

    Anthony

    You can email me at: anthonydelcy@gmail.com

     

     

     

    (0) 
    1. Bipin Pappachan

      Hello Anthony,

      Thank you for letting us know that you too are facing this problem.

      Not sure how to proceed, I have raised an Incident with SAP asking and seeking some inputs from them. I will surely keep you posted, if you get some information please let is know as well.

      What determines the region ? While configuring the AWS account you get the ARN key generated, mine came as West so i thought I should open the west website and download the certificate from there. Is this a correct approach ?

      Also what is the RFC destination Target host you have kept

       

      Thanks

      Bipin

       

      (0) 
  5. Akhilendra Singh Post author

    Hi Bipin,

    Have you maintained the  Access Key ID , Secret Key Id & Feedback Queue Id in customizing settings .

    Use¬†Tcode: “ME_AMAZONXS” ¬†to Set Amazon SES Credentials¬†

    Feedback Queue format looks like:

    Feed back: /XX09200XXXX / Amazon_Bounce_Complaint_Notifications

    Above  details you will find  from SQS Queue

    (arn:aws:sqs:us-east-1:XX09200XXXX:Amazon_Bounce_Complaint_Notifications)

    Also , it’s advisable to maintain IAM user ( with admin credentials) and use¬†Access Key and Secret key of IAM user, though not mandatory.

    Thanks,

    Akhilendra

    (0) 
  6. Andy Kim

    Thanks for the posting. It’s informative.

    Does Hybris support multiple AWS accounts to use SES? It seems to support to add multiple AMAZONSES. But only ONE AWS credential tab is provided, which means it does not support using multiple AWS accounts for SES. Is this correct?

    Thanks,
    Andy

    (0) 
  7. Priya Ravichandran

    Hi Bipin

    Did you resolve SSL handshake error ? Please post the solution if it is solved

    Hi Akhilendra,

    We are getting error in Amazon bounce RFC destination like Bipin(same screen) and we are getting 404 in Amazon mail

    Where did we go wrong in that case ?

    Any help would be appreciated

     

    Thanks

    Priya

     

    (0) 

Leave a Reply