Hana Cloud Integration / Hana Cloud Platform – Integration Services provides a IDoc adapter that enables you to Integrate with your back end SAP ERP system using IDoc Adapters. This blog series is a detailed startup guide for the set up tweaks required to Integrate HCI and ERP using IDocs.In this multi part series we will look at sending IDoc’s from SAP ERP to HCI and vice versa.
There already exists a few blogs on SCN that covers the various individual pieces of this puzzle but the intent of this series is to collate this info from a PI Developer’s perspective. Where required I will also point to additional links / references that had helped me in my journey! Due credit to those content as well.
In Part 1 (this blog), we will look at steps to trigger an IDoc from SAP ERP to HCI from the scratch using Basic Authentication.
In Part 2 – we will look at using IDoc Number to search for IDocs in HCI
In Part 3 – we will then extend this to use Client Authentication.
In Part 4 – we will look at the steps to trigger an IDoc from HCI to SAP ERP using Basic Authentication.
HCI Integration Flow Configuration
- Point to Point Integration Flow with No Mapping.
- Sender IDoc Adapter and a Receiver SFTP Adapter
- Make sure Role Based Authentication is selected.
Sender IDoc Adapter Configuration
- Select Adapter Type IDOC
- Note the Message Protocol used by the IDoc adapter is IDoc SOAP
- Provide a end point address to which the ERP system should trigger the IDoc to – in this case : /orders05 .
|Receiver SFTP Configuration is like any other SFTP configuration and is not described here.
Get the End Point URL for your Integration Flow
- Go to your Runtime Node ( IFLMAP ) –> Properties –> Services
- Copy End Point URL
SAP ERP Configuration
Transaction : BD54
- Define Logical System Name
- You can provide any logical system name you deem fit.
- In our case we have called the Logical System Name “HCI“
Download HCI SSL Certificate
- Go to your HCI URL, View Certificate ( from padlock ) –> Details –> Copy to File –> Select Default Options
- Save the certificate to your local desktop
- Go to view – SSL Client SSL Client ( Anonymous )
- Import your HCI SSL Certificate here.
- Click on Import Certificate
- Select your certificate from previous step
- Click on Add to Certificate List
- This is required to establish a SSL connection between your SAP ERP and SAP HCI.
- In PI you would create a TRFC Destination, in the case of HCI as the communication happens using SOAP over HTTP you create a Connection Type G
- Connection Type: G ( HTTP Connections to External Server)
- Target Host: <HostName from the Endpoint URL copied from HCI>
- Service No: 443
- Path Prefix : /cxf/<Path in Address Field of IDoc Adapter> ( In our case the Idoc adapter had Orders05 and hence, /cxf/Orders05
- Proxy Settings is any
- LogOn & Security
- Basic Authentication – Provide your HCI User & Password
- Security Options,
- SSL – Active
- SSL Certificate – Anonym SSL Client ( Anonymous ) – The view where the HCI SSL Certificate was loaded in previous steps in STRUST
- Perform a Test Connection
- If everything is Good,
- You should get a HTTP 500 Response
- Response Body should contain the text referring to check HCI Monitoring for More details
- In HCI Monitoring you should see a message with error “Unexpected EOF in Prolog“
- If the user name / password is wrong
- You should get a HTTP 401 UnAuthorized Error
- If the HCI SSL Certificate has not been loaded correctly in STRUST Keystore,
- You will get error – ICM_HTTP_SSL_Error
- In PI, you create a TRFC Port. In HCI, you create a XML HTTP Port as the connection happens using SOAP Over HTTP
- Port Type : XML HTTP
- RFC Destination : HTTP Destination Type G from Previous Step
- Content Type – Default Setting – Text/XML
- SOAP Protocol – Selected
- As HCI is expecting the IDoc as a SOAP over HTTP, do ensure that SOAP Protocol is selected here. This will make sure that the message that goes out from ERP is a SOAP message.
Transaction : WE20
- Add an outbound entry for your Logical System as per the IDoc being used.
- In our case we are using ORDERS.ORDERS05 IDoc and hence the outbound entry will contain the ORDERS.ORDERS05 details
- The Port will be the port created in Previous Step.
Test Your Flow
You are done! Trigger the IDoc using either your standard transaction or using We19. The IDoc should now be sent to HCI and processed by HCI.
Test Case#1 : HCI Integration Flow Executes Successfully
- IDoc triggered using WE19
- HCI Integration Flow Status
Test Case#2 – HCI Integration Flow Fails
- Make HCI Integration Flow Fails ( In my case SFTP Adapter is updated to have a invalid User Name )
- HCI returns a status HTTP 500 back to SAP ERP
- IDoc in WE02 will go into status 02 ( Failure )
- As the Integration happens using SOAP Over HTTP this is technically a Synchronous Integration and if a HTTP 202 / 200 is not received back from HCI, SAP will mark the IDoc status as failed.
Test Case#3 – IDoc triggered in WE19 with No of IDocs to be repeated as 2
- Single Message received at HCI.
- IDoc XML will contain 2 IDoc tags – 1 for Each IDoc
- HCI’s IDoc adapter uses SOAP over HTTP and hence this ends up becoming a Synchronous Flow.
- In SAP ERP,
- Make sure your Port in WE21 is of type XML HTTP & has SOAP Protocol Enabled.
- Make sure your RFC Destination in of Type G
- The status of your IDoc in WE02 will be 03 / 02 depending on the status of your Integration Flow in HCI.
- If HCI Integration Flow successful, Status = 03
- If HCI Integration Flow fails, Status = 02
the complete details of end to end flow. Thanks for sharing Bhavesh.
Great Blog Bhavesh, looking forward to other parts of this series. 🙂
The entire series is now Out! Hope you enjoy reading the same Sanjeev!
Any inputs on possible gaps are welcome!
Thanks for the wonderful blog Bhavesh!!
Excellent as always! Thanks !
Good to see you back blogging 🙂 Keep up the momentum
Hi Bhavesh. I followed your blogs on configuring the keystore to remove the error in the CXF-endpoint-IFLMAP-hcisbp component. The error got removed fine. then I followed this blog here to send an idoc to HCI. However the idocs are failing in ECC with status 02. In Partner profile, if I select Content type as text/xml and checked SOAP Protocol check box,I get the error as "Problem with Soap Class". I unchecked it, and I am getting "Communication error over HTTP". Please help me with this. Also the RFC destination fails for Server Hangup 502, when I disable the SSL conectivity and make it as "Inactive". If I keep it as "Active", the connection test does not return anything, I mean when I click the test button, nothing happens.
With regards to the error - you need to make sure SOAP protocol is selected. If you are getting a error after that would suggest you check the HCI Message Monitoring and see if the message has failed. Also would suggest you look at the HCI tenant Tail Log and check if the Tail Log has info on why the request was rejected by HCI.
For subsequenet followup on this, Would suggest you raise this as a question on the forum. Will respond there accordingly.
Also, if your SM59 connection is failing, then this is a network issue. Please check with your Basis and Network team to see if the Ports are open or if a proxy server is to be used.
The error is resolved, when we tried with a different ECC. Now am having issue in mapping. I don't see contents in the incoming idoc. In my IDOC adapter config, I have only configured the endpoint address, and not uploaded any WSDL in adapter. In the mapping, I downloaded the wsdl(DEBMAS) from ECC(removed the version parameter and kept as blank while downloading), and used it in the mapping. I have used the same structure for source and target, and mapped just the control records .Receiver is a mail. Earlier I got error in mapping as IllegalInstance Exception, and that the idoc segment was not getting created. Hence I gave map with default for the control record mandatory fields,
Eg: SNDPOR-->Map With Default-->SNDPOR.. The trace is not enabled in the tenant and hence with the data I received as email, I see only blank values in all fields.
In the runtime config, i tried with empty namespace and also as xmlns:ns2="urn:sap-com:document:sap:idoc:soap:messages", since this the xml namespace in the target xml I received as mail.
I also changed the source adapter as "SOAP", instead of IDOC, and triggered the same. The result is same, except the idoc in we05 is in error. Though, the message in HCI is with status "COMPLETED"
You can use a Groovy script to log your payload. Check this blog of mine: HCI - Payload Logging using Groovy Scripts - Part 1
Use the script before and after your mapping step and then you can see the Input XML from SAP and the output XML from your mapping and understand the corresponding impact.
Using this, you should be able to figure out why your mapping is not working and the changes required to your Integration Flow as needed.
I was able to solve it, by following this blog : Handling Extended/Custom IDOC in HCI with standard content. Anyways, thanks for your info on the using the scripts to log the messages. Yet to get my hands on the script, and I shall always look up to you for reference 🙂
Thanks again 🙂
I am also facing the same issue. Status 02, SSL handshake error -
1023:SRT: Processing error in Internet Communication Framework: ("SSL handshake with p1015-iflmap.hcisbp.ap1.hana.ondemand.com:443 failed: SSSLERR_PEE
We have in our ECC system, self signed certificate. Do we need CA authorized certificate?
Were you able to resolve this?
Yes, it was certificate issue. It was resolved.
Does the self signed certificate worked or you got it signed by authority.
Does somebody know if a CA signed certificate is mandatory?
Very helpful document thanks for sharing this kind of document, Bhavesh Kantilal
I followed your blog and getting Status 02 error when triggering IDOC from we19 in SAP ECC system.
Also, I cannot see any logs in HCI and no messages in Message Monitoring in HCI.
In RFC destination, when testing the connection getting the below status -
Not sure what is the issue, and what I am missing. I cross checked everything and it is same as you suggested.
In the IDoc Sender Channel we have the below screen. Do we need to enter any user credentials(deployed artifacts?)
I am not sure, if this is correct.
Thanks for this blog, I have some concern over the design limitation that we have in HCI -
In case we want to have 50 IDOC type going from ECC to HCI, then 50 RFC connections in ECC system and 50 Iflows in HCI should be created if the endpoint is IDOC specific - cxf/orders05.
I understand that we don't have isolated receiver determination or ICOs like PI,
but if we go for one connection for all IDOCs - cxf/IDOCs and create condition expression for finding the receiver and corresponding mapping(all the flows for every IDOC will be part of single Iflow in HCI).
Is it a good idea, or do we have any alternative to avoid n RFC connections for n IDOCs in ECC system?
I am also having same doubt.
Did you manage to get clarification regarding your query?
Exactly. I would develop a router iFlow in HCI. Did you decide on your approach?
Thank you for this blog. I was able to follow it and successfully sent an IDOC to an IFLOW. I've hit a snag within the mapping that I'm hoping that you can assist with me. I need to loop thru a specific E1EDKT2 segment group and concatenate all of the TDLINE's into one XML "comment" field tag that is defined as <xsd:element minOccurs="0" maxOccurs="1" name="Comments" type="xsd:string" />. I'm fairly new to mapping in CPI so any step by step instructions would be extremely helpful.
Thanks alot for the nice article. However I am facing a strange problem. In SM59 I can not change the selection in the "SSL Certificate" drop down list to be "Anonym SSL Client (Anonymous)". Whenever I try, it is always reverted to the "Default SSL Client (Standard)" Option.
Any idea what could be the reason?
Appreciating your help
May be a GUI issue. Just trying logging out and logging in and try.
I already have tried to logout / login multiple times ?
I noticed also that whenever I activate the SSL the page becomes uneditable. Showing the warning: SSL client PSE DEFAULT does not exist.
Also I tried to change the certificate selection while the ssl is inactive, but no success. Seems like the Anonym option is disabled.
I wonder whether it could be something with my user rights?
One question regarding the fact that when idocs are sent out over SOAP from ERP to CPI it works in synchronous mode..When there is a big amount of idocs sent out this is not reasonable to work in synchronous mode because the processing is so slow.
So do you have any ideas how to make this idoc sending to CPI to work asynchronously so that when CPI receives the idoc it sends the HTTP 202 right away. (And don´t wait the whole process to go through..)
Even switching from the idoc adapter to the SOAP adapter with Processing mode set to asynchronous won´t help..I mean setting the Message Exchange Pattern = One-Way" and Service Definition = Manual" and Processing Settings = WS Standard..This setting works okey if you try it from example SOAP UI but when triggering the idoc from ERP it is still synchronous..
Hi Bhavesh, I just started reading blogs and likes your efforts on Idoc adapter. Can you please let me know is there any blog on using Idoc adapter to update information in SAP ERP in idoc format ? I not an expert in idoc setup but aware of the configurations in case of Outbound. So, I would like know about inbound settings in CPI, SAP HCM to receive idocs from other system to SAP HCM.
One query please... why we need to import certificates only in SSL Client SSL Client ( Anonymous)?All three or only last *hana.xxxx certificate needs to be imported?
i have a question, in the SM59, the Target Host typing
in my case when wrote “https://A1111-iflmap.hcisbp.us2.hana.ondemand.com” sent me a message
“Connect to https://A1111-iflmap.hcisbp.us2.hana.ondemand.com 443 failed: NIEHOST_UNKNOWN(-2) ”
but when y wrote “A1111-iflmap.hcisbp.us2.hana.ondemand.com” sent me a box to capture user and password
What is wrong?
Great blog, thank you for sharing.
Great blog! Congratulations.
I face a problem. Maybe you can help? I send an IDOC from ECC via CPI to SalesForce using the Advantco Adapter. Everything works fine and the message is correctly processed in SalesForce. But I think CPI is trying to connect back to ECC to update the IDOC status and that is failing.
I get an error like this:
Outbound processing in endpoint at /Idoc failed with message "NullPointerException:while trying to invoke the method java.util.Map.get(java.lang.Object) of a null object loaded from local variable 'headers'"
Do you have any idea what this could mean?
I don't think the IDoc adapter updates the status of the idoc in the sender system. Instead, it returns 200/202 http status codes (http standard) which tells the sender that the Idoc message was successfully received. The sender then updates the idoc status.
In your case I guess you have already solved the issues since it's a while ago. Otherwise I would replace the sender adapter by a plain HTTPS channel and test with soapUI or similar to analyze it further.