How to Setup Connection from your Cloud Integration to SAP Logistics Business Network
SAP Logistics Business Network, freight collaboration option improves supply chain efficiency by connecting business partners on a collaborative network that supports jointly managing transactions, exchanging documents, and sharing insights across the value chain.
To enable document exchange, you have to setup connectivity to your On-Premise system. Your on-premise(SAP S/4HANA or SAP TM standalone) system can be connected to SAP Logistics Business Network based on below options
- Connection via middleware: either SAP Process Integration(PI) or SAP Cloud Integration
- Direct connection (via SOAMANAGER) between SAP Logistics Business Networkand your SAP TM or SAP S/4HANA system
This blog will elaborate option 1 with connection via SAP Cloud Integration by providing step-by-step guidance for you establish connection
Setting up the connection
You must have administrator rights to SAP Logistics Business Network tenant and also to your SAP Cloud Integration tenant. Below list of activities have to be carried out to setup the connection
- Generate the key pairs certificates(Key Pairs) with Identity Authentication Service(IAS)
- Import IAS Certificate to Logistics Business Network
- Import Certificates to your SAP Cloud Integration
- Maintain SAP Cloud Integration Outbound SOAP adapter
- Maintain SAP Cloud Integration Inbound SOAP Adapter
- Maintain iflow endpoint of SAP Cloud Integration in System Connection
1. Generate the key pairs certificates(Key Pairs) with Identity Authentication Service
Communication between SAP Logistics Business Network and SAP TM or SAP S/4HANA is based on B2B messages using SOAP protocol. Messages are authenticated using client certificates. These certificates must be requested.
- You have already purchased an Identity Authentication service You can purchase such a service tenant here: < https://www.sapstore.com/solutions/40132/SAP-Cloud-Platform-Identity- Authentication>.
- While subscribing to an SAP Logistics Business Network productive license, you have been provisioned with an Identity Authentication service tenant and details tenant, and a URL is sent to the S-User used for the license
- If you have subscribed for a test SAP Logistics Business Network license and you have not purchased an Identity Authentication service tenant, you may request a key pair from SAP by raising an incident to the component SCN-LBN-INT. (In this case, you can skip the steps in this )
When using the Identity Authentication service, the certificates are signed by SAP Passport CA.
Perform the following steps to request the Key Pairs certificate:
- Obtain access to the Identity Authentication tenant
- Follow the steps below to generate a *.p12 file from your Identity Authentication service tenant. Perform the following actions to generate a key The following process is only for an SAP Logistics Business Network productive license.
- Access the tenant’s administration console for the Identity Authentication service by using the console’
- Note the following points:
- The URL has the pattern https://<tenant ID>.accounts.ondemand.com/admin.
- The tenant ID is automatically generated by the first administrator who created the tenant receives an activation email with a URL. This URL contains the tenant ID
- Under Applications and Resources, choose Applications, click the pencil icon for Add Application, and assign the new application the name CertificateGeneration, for example. Within the section “Client ID, Secrets and Certificate”, Click on Add “Certificates for API Authentication”
- Enter the Common Name, Password, and Confirmed Passwordand click on Generate. The browser downloads *.P12 file to your local folder. Ensure that you note down the password
2. Import IAS Certificate to SAP Logistics Business Network
- From *.P12 file extract leaf certificate via application KeyStore Explorer application . You may down the key store explorer from website (https://keystore-explorer.org )
- After installing the application drag and drop p12 file into the keystore application. Enter the p12 file password . Export the p12 leaf certificate as shown in the image.
- Logon to SAP Logistics Business Network application. Navigate to system connection app. Create a new connection of type SAP TM – SAP S/4HANA. In the “Inbound to Network”, click on Add and upload the exported p12 leaf certificate.
- In the system connection app, Click on “Certificate Chain”. This will download a *.P7B file into your web browser’s download folder. This certificate will be used to authenticate flow from SAP Logistics Business Network to your SAP Cloud Integration instance.
- Activate the connection.
3. Import Certificates to your SAP Cloud Integration
- Logon to your SAP Cloud Integration system. Navigate to Monitor and then to Key Store. Upload the*.p12 file (key pair). Provide an Alias name and note it down for later use. You have to enter the same password as used to generate the key pair.
- Extract the root and intermediate certificates of the runtime URL: https://l20398-iflmap.hcisbp.eu1.hana.ondemand.com via key store explorer and upload to the SAP Cloud Integrationtenant keystore
Additionally refer the below link on how to extract certificate using mac. https://stackoverflow.com/questions/25940396/how-to-export-certificate-from-chrome-on-a-mac
4. Maintain SAP Cloud Integration Outbound SOAP Adapter
- In the iflow for sending out payloads to SAP Logistics Business Network, Create a SOAP adapter. Maintain
- Address: https://l20398-iflmap.hcisbp.eu1.hana.ondemand.com/cxf/lbn/b2b/soap/v1
- Authentication type: Client Certificate.
- Private key alias: Alias name you have provided while uploading the *.p12 file
5. Maintain SAP Cloud Integration Inbound SOAP Adapter
Within your inbound iflow in SAP Cloud Integration to receive LBN payload, create a SOAP adapter. Maintain below fields
- Address: URL endpoint address
- Service Definition: Manual
- Message Exchange Pattern: One-way
- Authorization: Client Certificate
- Client Authorization:
- Export the leaf certification from *.P7B file ( this file you would have downloaded from System connection app ) via key store explorer.
- In the SOAP Adapter connection setting , within Client Certificate Authorization, Add the exported certificate
6. Maintain iflow endpoint of SAP Cloud Integration in System Connection
For communication from SAP Logistics Business Network to your Cloud Integration layer, you have to maintain the your SAP Cloud Integration iflow endpoint in System connection app.
- Open System connection app and Navigate to connection you have created earlier steps
- In the Outbound from Network tab, click on “Add Destination” and maintain the endpoint for each “Service Interface Name” . Authentical details will be blank. ( You could have different endpoint for each service interface or the same endpoint. It depends on your implantation is SAP Cloud Integration )
- Click on Activate button
By following above steps you would have established connection between your instance of SAP Cloud Integration with SAP Logistics Network. You would have additionally do the required settings and mapping to connect underlying SAP or Non SAP system to your SAP Cloud Integration tenant. You may find the details in this help documentation. https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/Cloud/en-US/7cfe913ba85d463a9c5fce101c3ae460.html