Technical Articles
CPI – Gmail SMTP Integration
A few days ago, I hit a roadblock when I tried to configure a CPI-Gmail SMTP Integration. After setting up the Gmail credential using my usual Gmail user name and password, and performing a Connectivity Test, I encountered the error message ‘Username and Password not accepted’. I did some research and found that I had to use the App Password approach in order to access the Gmail SMTP from CPI. After completely configured the App Password approach, the Connectivity Test turned out to be successful. I then configured the rest of the Integration Flow starting from SOAP as the sender and ending the event with sending an email to my Yahoo account via my Gmail account.
In this writing, I will briefly share with you the steps taken to configure the CPI-Gmail integration.
Step 1: Setting Up the App Password.
The detailed information on how to setup an App Password can be found at https://support.google.com/accounts/answer/185833. To setup the App Password, login to your Google Account and click the ‘Manage your Google Account’ button. It should be located at the top right corner. At your ‘Google Account’ page, click the ‘Security’ link located on your left. You will see the ‘App Passwords’ link inside the ‘Signing in to Google’ box.
After clicking the ‘App password’ link, you may start creating an App Password. As shown in the figure below, select ‘Other (Custom Name)’ under the ‘Select App’ drop-down and click ‘Generate’.
Enter the name of your choice and in my case, I have entered ‘CPI Mail’, as shown in the below figure. Click ‘Generate’.
You will see your new 16-character App Password in the ‘Generate app password’ page, as shown in the figure below. Copy this password.
Step 2: Setup Credential in CPI.
In your SAP Cloud Platform Integration’s Overview page, click ‘Monitor’, as shown in the figure below. Then, click on the ‘Security Material’ tile.
In the ‘Manage Security Material’ page, select ‘Add’, then ‘User Credentials’, as shown in the figure below.
In the ‘Add User Credentials’ screen, enter a name of your choice. In my case, it was ‘GMAIL_CREDENTIAL’. Enter the Description and select ‘User Credentials’ as Type. Enter your full Gmail account user name at the ‘User:’ textbox.
Lastly, paste the 16-character App Password into the ‘Password:’ and ‘Repeat Password:’ textboxes.
Click ‘Deploy’.
Step 3: Import Google Certificates
This step allows the Gmail SMTP server to authenticate itself against SAP Cloud Platform Integration.
At your SAP Cloud Platform Integration’s Overview page, click ‘Monitor’ and then click the ’Connectivity Tests’ tile, which is located under the ‘Manage Security’ section. In the ‘Test Connectivity’ page, click ‘SMTP’ and enter the details as shown in the figure below. Ensure that the ‘Credential Name’ is the same as what you entered previously in the ‘Manage Security Material’ page. Then, click ‘Send’ and you should see the green successful response. Click the ‘Download’ button to download the certificates into your computer.
Lastly, once in your computer, unzip the certificate file.
Step 4: Install the certificates on CPI
At your SAP Cloud Platform Integration’s Overview page, click ‘Monitor’ and then click the ’Keystore’ tile, which is located under the ‘Manage Security’ section.
In the ‘Manage Keystore’ page, click ‘Add’, then ‘Certificate’, as shown in the figure below.
In the ‘Add Certificate’ page, enter the ‘Alias’ of your choice (in my case, it is ‘Gmail Certs’). Select the certificate from your PC and click ‘Deploy’.
Repeat the addition of the second certificate, as shown in the figure below.
Once done, you will see two additional entries in the ‘Manage Keystore’ listing. In my case, they are ‘gmail certs’ and ‘gmail cert2’, as shown in the figure below.
Step 5: Create and Deploy the Integration Flow
Now, you may design and deploy the iFlow.
Below is my simple iFlow for testing
Below is the configuration in the ‘General’ Tab
And here is the configuration in the ‘Connection’ tab. Please ensure that you enter the same value in the ‘Credential Name:’ textbox, as what you have previously created in ‘Step 2: Setup Credential in CPI.’.
Step 6: Testing the Integration Flow
Finally, you may test the iFlow.
In my case, I used the SOAPUI application to simulate sending a SOAP message to the iFlow.
And here, as shown in the figure below, the email with the SOAP content was successfully sent to my Yahoo account.
In summary, the vital steps to setup a CPI-Gmail SMTP integration involve creating an App Password via the Google account, and setting up credentials in CPI using the App Password. It also involves importing Google certificates and installing the certificates on CPI.
Hope you find this article helpful and if you have any suggestion and comments, please do not hesitate to reply to the Comments section below.
Thank you and have a pleasant time ahead.
Did you have to import the certificate often? we are having to do it whenever our our iFlow fails.. ( even when the certificate is still valid ).. this is seems to occur more frequently of late
Hi Suresh,
Sorry for my late reply. So far, after two weeks, there is no need to re-import the certificate at my end.
Regards,
SL Boon
Thank you so much for explanation.I was able to configure it successfully.
Regards,
Pooja
Great tip! Thanks a lot for sharing!!
It works! Thanks!
Thank you for sharing. Great Blog!
Thanks a lot Boon. was stuck for a while with SMTP receiver and that worked for me too.
In alomost every one had used port 587. But for me that didn't work. I was getting certification issue for this ..(PKIX error. )
Hi Sing Loo Boon,
I Created One iflow with Mail Receiver Adapter. I fallowed the process what you said but I am getting Error like Could not Connect to Host . Here I am attaching the screenshots . Please check the same and give me the solution. I am waiting for your replay. I am using SAP CPI Cloud foundry Trial version.
Connectivity Test
Could Not Connect Host
Please give the solution for this error.
Regards
Rajesh Kumar.P
Please try to use port 465 as gmail does not support SMTP/STARTTLS.
Also in the adapter keep the protection as SMTPS.
Regards,
Raihan
Awesome blog! Very helpful! Thanks for sharing.
Good morning.
Thanks for your helpful blog, it's instructive and easy to understand.
Thanks for sharing!!!
Thank you so much for your blog.. it's very much helpful for me...:-)
Regards
Chandrakanth
Thks Sing, because I had this error.
May I ask which Role/Authorization do you need in order to add a certificate (for Gmail SMPT) to the Manage Keystore in Trial Account?
I am trying to import the gmail cer files but it keeps throwing the error “You are not authorized to perform this action” even though I have assigned PI_Administrator to myself.
Thank you!
Hi Vu,
Could please try check whether these apply to you?
Group Role AuthGroup.Admin or Single Roles IntegrationOperationServer.read, NodeManager.read and NodeManager.deploysecuritycontent.
Regards,
Boon
Thanks Sing Loo Boon
It was very useful! I tried with App Password but it did not work until I complete the set up with the gmail connectivity test and certificates.
Thank you, this was helpful.
javax.mail.AuthenticationFailedException: 535-5.7.8 Username and Password not accepted. Learn more at 535 5.7.8 https://support.google.com/mail/?p=BadCredentials 3sm955798wmv.6 - gsmtp
i tried for oneday full but not worked getting same error
Thanks Sing Loo. I followed your steps and I was able to send email from SAP CPI to my Gmail account. In CPI, I had used a different email address in the 'from' field. However, the email I received had my Gmail in the from email address.
Thank you .It is very helpful.
Regards,
Rashmi
I notice May 30 2022 Google will stop to accept "Less secure application access", I've just created an account for notification and it doesn't accept my credentials.
I followed all steps to activate app password and I generated it.
But CPI give everytime this error:
javax.mail.AuthenticationFailedException: 535-5.7.8 Username and Password not accepted. Learn more at 535 5.7.8 https://support.google.com/mail/?p=BadCredentials j16-20020a05600c191000b0038c9249ffdesm2814147wmq.9 - gsmtp
It's not "wrong password", it said "Not accepted".
I've tested all combinations between protocols, credentials, and generate 2-3 app passwords.
Federico Bellizia
After facing the same problem with couple of my gmail accounts, Finally i could create a new one and still it failed with the same security exception that you got.
Then i went to Google Account-->Security-->Turned on the "Less secure app access"
Then the iflow messages completed without errors.
However i did not receive the email.
Then i realised that It was a mistake. The old email id value was the culprit in the Mail channel->Processing .After fixing it, i could receive the email from the iflow.
It appears to me that there is no need to use the app password feature. May be others can also try and comment.
Hi Manikandan Marimuthu,
I double checked the new account settings and I can't find Less Security switch, I remember it and now when you search for it this information are showed:
so... I turned off 2 step verification:
But if I click on App passwords:
But now Less secure come back to main screen:
So after 30 May 2022 there is another method to use them?
If you are using this mail service you will have some trouble I suppose.
I tested after but same error:
Any other service we can use instead of this?
It works! Thank you for sharing!
So gmail doesn't work anymore, we are moving on yahoo service meanwhile we try to find a solution.
F.B.
Great! Thank you for this detailed blog.
It worked perfectly.
This article was very helpful for me!
It works perfectly!
Good work, it helps a lot. Thanks!
For me this didn't work, because Google has switched off app-specific passwords since May 2022, as others have pointed out earlier.
I solved this by creating an outlook account, which does allow app-specific passwords, see this for more information
We can now use open connector and use Gmail api to send emails, open connectors doesn't work so use HTTP.