How to ..Test AS2 Sender Adapter on soapUI using Client Certificate Authentication in Cloud Integration

If you have been working with B2B with BTP Cloud Integration, you surely have come across the scenario where you need to test your iFlows configured with Client Certificate Authentication. if you need to test your AS2 inbound iFlow fast and easy you can use soapUI and get that testing underway. Below you will find a quick tutorial on how to set soapUI to call your AS2 endpoint.

Assumptions:

• You have created and deployed an iFlow using AS2 Sender Adapter.

Example:

• You have credentials with a valid role to execute iFlow’s in the BTP Cloud Integration tenant.
• You have a private key in “.pfx” or “.p12” format.

Step 1: Create a new REST project in soapUI
Input: AS2 Endpoint from your deployed iFlow

Step 2: Create the mandatory AS2 headers

• mime-version: 1.0
• as2-version: 1.2
• subject: soapUImsg <– You need to use the same value as configured in your iFlow as Message Subject
• ediint-features: multiple-attachments, CEM
• as2-from: soapUIasPartner <– You need to use the same value as configured in your iFlow as Partner AS2 ID
• content-disposition: attachment; filename=”your_file_name_HERE.txt”
• message-id: provide a unique ID
• as2-to: myCompanyID <– You need to use the same value as configured in your iFlow as Own AS2 ID
• disposition-notification-to: URL in case of MDN
• from: Email address associated with Partner
• content-type: Application/EDI-X12

Step 3: Change the Method to POST, the Media Type to “text/xml” and add content in the body

Step 4: Add credentials to the request.

Scenario A) Basic Authentication > Navigate to Auth> Add new authorization > Basic > Type in credentials from service key

Scenario B) Client Certificate Authentication or TLS Mutual Authentication

In the Navigator panel, select the project folder and access the “Project View” by right click and select the option “Show Project View”

Select the “WS-Security Configuration” tab > then select the “Keystore” tab

Click on the green + button and browse for the private key with the “.pfx” extension.

Note: For the demo, I will use S-User SAP Passport. IMPORTANT: I have previously configured an instance on the BTP cockpit and created a corresponding service key.

Close the “Project View” and in the request properties pane select the keystore from the drop-down in SSL Keystore

Important Note that in Trial accounts no SAP key pair is provisioned. Because of this client certificate-based inbound authentication cannot be used. You can only use basic authentication with clientid and clientsecret generated in the service key.

Step 5: Submit Request

Scenario A) Click on the Play button. Navigate to Monitor Message Processing

Review Headers

Scenario B) Click on submit the request.

MDN response will be provided as a response if the disposition-notification-to header was provided.

soapUI Request – Response

Navigate to Monitor Message Processing > Select Message > Review Headers

Compare the “SapAuthenticatedUserName’ header value with the client-id value from the service key.

Validate Payload

Here is an actual EDI file with MDN

MDN Attachment

Now you can test your EDI inbound scenarios and even set test cases using soapUI.

Happy testing 🖖🏻