B2B Capabilities in SAP Cloud Integration – Part 1
SAP Cloud Integration has released B2B capabilities (available only with Enterprise licensed tenants) that enable B2B customers to securely transfer EDI documents over the AS2 protocol and provide a way to split, validate and convert EDI documents to XML.
In this four-part blog series,
- Part 1 focuses on setting up an AS2 simulation tool to simulate B2B partners and transfer an EDI message to a simple integration flow developed on an SAP Cloud Integration tenant.
- Part 2 focuses on enhancing the above configured inbound scenario to securely transfer the EDI payload (using signing and encryption).
- Part 3 focuses on enhancing the above scenario to split, validate and generate a functional acknowledgement for the incoming bulk message, and finally converting the split message to XML.
- Part 4 focuses on creating an outbound scenario that converts an IDoc message to an EDI message.
Prerequisites:
- You have obtained an SAP Cloud Integration tenant with SAP Cloud Integration, enterprise edition / SAP Integration Suite, standard edition / SAP Integration Suite, premium edition.
- Message Broker is provisioned on the tenant. Refer to the blog to provision a Message Broker.
- You are familiar with the AS2 protocol. For more details, refer to the RFC guide.
AS2 (Applicability Statement 2) is a specification about how to transport data securely and reliably over the Internet. Security is achieved by using digital certificates and encryption.
Follow the steps below to set up the Mendelson AS2 tool to simulate the AS2 partners and exchange a simple AS2 message between the Mendelson tool and the SAP Cloud Integration tenant.
1. AS2 Mendelson Tool Installation:
For simulating the AS2 partners, I will be using the Mendelson AS2 software. You are free to use other tools.
1. Download and install Mendelson from http://as2.mendelson-e-c.com/
2. After installation, you should see the AS2 and AS2Stop shortcuts created as shown below.
3. Click on AS2 to start the Mendelson AS2 server.
4. Enter http://localhost:8080/as2/HttpReceiver in your browser and you should see the below message.
2. Configuring Mendelson for simulating AS2 Partners:
In this step, we make the configuration required to post an AS2 message from the Mendelson tool to the SAP Cloud Integration tenant. This involves simulating a Sender Partner (mycompany) and a Receiver Partner (ABCCompany) in the Mendelson tool.
2.1 Configuring AS2 Local Station
There should be at least one AS2 partner configured as a local station that acts as an initiator to post the AS2 messages to other AS2 partners.
1. Run AS2.exe as Administrator.
2. In the File menu, choose Partner and perform the steps mentioned below.
3. Select Local station (the one with the Home icon) and configure the properties. You may retain the default values.
4. Choose the MDN tab and enter the MDN URL as http://<IPAddress>:8080/as2/HttpReceiver
5. Click “Ok” to save the configuration.
2.2 Configuring AS2 Partner
In this step, I am simulating an AS2 Partner called ABCCompany in the Mendelson tool. To test the connection between the Mendelson tool and the SAP Cloud Integration tenant, the initial configuration does not include any security features (i.e. no signature, no encryption).
1. Choose mendelsontest and click on Clone to simulate a new AS2 partner (mendelsontest0).
2. Edit the newly created partner. Here I have changed the partner name to ABCCompany. Configure the basic properties like Name and AS2 Id.
3. Configure the Security settings as shown below.
4. Configure the Send settings as shown below.
Receipt URL: <Runtime URL of the SAP Cloud Integration tenant>/as2/as2
Payload subject: SimpleAS2
Payload content type: Application/EDI-X12
NOTE: The Runtime URL can be obtained by connecting to the operations URL in Eclipse or from the Welcome Mail sent by SAP.
5. Configure the MDN settings as shown below.
6. Configure HTTP Authentication to post the AS2 messages to the Cloud Integration tenant. The tenant does not accept any inbound messages that arrive without authentication.
In the Username field, enter the user who has been assigned the ESBMessaging.send role on the tenant iflmap application, and provide the corresponding password of that user.
7. Configure proxy settings (optional).
If you get a connection timeout error after all the above settings are done, it may mean that you need to configure the proxy.
Navigate to File->Preferences and set the proxy value as shown below.
More details about the different AS2 headers can be found in the AS2 RFC guide: https://www.ietf.org/rfc/rfc4130.txt
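The partner settings from section 2.2 map onto the HTTP headers of the AS2 POST defined in RFC 4130. The sketch below is an added example, not code from this blog, SAP or Mendelson: it builds the headers for the unsigned, unencrypted message and refuses a non-HTTPS Receipt URL, since TLS is the only protection for the Basic credentials and the EDI body in this configuration. The AS2 IDs, tenant URL, user, password and sample payload are constructed assumptions.

```python
import base64
import uuid
from urllib.parse import urlsplit

# Constructed sample payload (not a real order), ASCII only.
SAMPLE_X12 = "ISA*00*          *00*          *ZZ*MYCOMPANY      *ZZ*ABCCOMPANY     *240101*1200*U*00401*000000001*0*T*>~IEA*0*000000001~"


def build_as2_request(receipt_url, as2_from, as2_to, user, password,
                      payload, subject="SimpleAS2", async_mdn_url=None):
    """Return (headers, body) for an unsigned, unencrypted AS2 POST."""
    # With no signing or encryption, TLS is the only protection for the
    # Basic credentials and the EDI body, so refuse non-HTTPS URLs.
    if urlsplit(receipt_url).scheme != "https":
        raise ValueError("receipt URL must use https")
    token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
    body = payload.encode("ascii")
    headers = {
        "AS2-Version": "1.0",
        "AS2-From": as2_from,
        "AS2-To": as2_to,
        "Message-ID": f"<{uuid.uuid4()}@{as2_from}>",
        "MIME-Version": "1.0",
        "Subject": subject,
        "Content-Type": "application/EDI-X12",
        "Content-Length": str(len(body)),
        "Disposition-Notification-To": as2_from,  # requests an MDN
        "Authorization": f"Basic {token}",
    }
    if async_mdn_url:  # absent header means the MDN returns synchronously
        headers["Receipt-Delivery-Option"] = async_mdn_url
    return headers, body


def redact(headers):
    """Copy of headers that is safe to write to a log."""
    safe = dict(headers)
    if "Authorization" in safe:
        safe["Authorization"] = "Basic <redacted>"
    return safe


if __name__ == "__main__":
    # Placeholder tenant URL and credentials (assumptions for illustration).
    hdrs, _ = build_as2_request("https://tenant.example.invalid/as2/as2",
                                "mycompany", "ABCCompany",
                                "example_user", "example_password", SAMPLE_X12)
    for name, value in redact(hdrs).items():
        print(f"{name}: {value}")
```

Comparing these headers with the message details shown in the Mendelson tool helps when the tenant rejects a request, and `redact` keeps the Basic credentials out of any log you capture while doing so.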
2.3 Import SSL certificate from SAP Cloud Integration Tenant to Mendelson tool
This step is required to securely post the AS2 message from the Mendelson tool to the SAP Cloud Integration tenant.
NOTE: You need to have the AuthGroup.Administrator, AuthGroup.BusinessExpert, AuthGroup.IntegrationDeveloper roles assigned to the user on the tmn application.
For more details on task-related roles, refer to the SAP Cloud Integration documentation: https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/Cloud/en-US/289ef3f8cfad442ea86fe0d5ddad8c42.html
Perform the below steps to import the root certificate:
1. Log on to the Tenant Web UI URL.
2. Navigate to Monitor -> Key store.
3. Download the Root certificate as shown below.
4. Import the root certificate into the Mendelson tool:
a) In the Mendelson tool, navigate to File->Certificates -> SSL/TLS
b) Click on Import Certificate
c) Browse to the downloaded certificate and click on Import
d) Check “Show root certificates” to view the Root certificate
NOTE: If the above step is not performed, you would get the SSLHandshake error as shown below.
3. Create a Simple AS2 Inbound Integration Flow
3.1 Configure and deploy a simple AS2 Integration flow
1. Create a simple integration flow with an AS2 Sender and an SFTP Receiver to receive Bulk Orders pushed from the Mendelson tool and post them to the SFTP receiver.
2. Configure the AS2 Sender adapter as shown below.
Keep the other properties related to Security, MDN and Retry at their default values.
3. Save and deploy the integration flow.
4. Check the status of the integration flow by navigating to Monitor->Manage Integration Content.
NOTE: Sometimes, the integration flow may fail after deployment with the error “No runtime nodes have started for this tenant”. Refer to KBA article 2520573 for the cause and resolution of the issue.
5. A message queue named after the integration flow is created under Monitoring->Manage Stores->Message Queues.
4. Testing a simple AS2 message post from Mendelson to SAP Cloud Integration Tenant
1. In the account cockpit page, assign the Send role to the user on the iflmap application as shown below. This is the same user that we configured in the Mendelson tool for HTTP Authentication.
2. In the Mendelson tool, choose File->Send File to partner.
3. Choose ABCCompany from the Receiver dropdown, select an ANSI X12 message as the file name and click OK.
4. You should see a successful message in the Mendelson tool as shown below.
5. Double-click on the message to see the message that was sent and the MDN received back.
6. On the tenant, navigate to Monitor Message Processing to see a Completed message with an MPL attachment (MDN attachment).
We have learnt how to install and configure the Mendelson tool to post an AS2 message to the SAP Cloud Integration tenant. We have also created a simple integration flow with an AS2 Sender to receive messages from the Mendelson tool.
In the next part of this blog series, I will extend this simple AS2 inbound scenario to post the AS2 message securely (with signing and encryption) and use the EDI Flow steps to split, validate and convert the ANSI X12 bulk payload to an IDoc document.