Technical Articles
Configuration of FTP and SFTP adapter in Cloud Integration(CPI)
Dear Reader,
In this blog post I will explain each step required to configure FTP and SFTP adapter in CPI using basic authentication.
The FTP adapter allows you to configure transport protocol FTP/FTPS for the connection to the FTP server to send messages to the FTP server or to receive messages from the FTP server. FTP adapter uses TCP protocol to connect to CPI tenant to remote system to send/receive files.
The SFTP Adapter connects an SAP Cloud Integration tenant to a remote system using the SSH File Transfer protocol to write files to the system. The SFTP adapter uses a certificate and keystore to authenticate the file transfer unlike the standard FTP. The SFTP adapter achieves secure transfer by encrypting sensitive information before transmitting it on the network. It uses SSH protocol to transfer files.
We have requirements mostly in Financial workstream to poll the files from bank server and post the files to SAP system without changing the content of file. File format can be any XML, TXT, CSV, BAI, BAI2 etc.
Message flow will be like this:
Message Flow
Steps required to configure this Integration Flow in CPI:
Step1: To connect to FTP server we should have FTP server url/IP address, port, user id and password details. To connect to FTP server, we should a establish TCP connection in Cloud connector first.
You need to login to cloud connector and go to Cloud to On Premise and add Mapping virtual to Internal system.
Here we need to maintain 2 connections. One is FTP control connection with port 21 and other one is FTP data connection with port data port range.
Step 2: Deploy FTP credentials to Security material of CPI.
Step 3: Create TCP connection for SFTP server same as FTP:
Step 4: Update SFTP Known_host file in CPI security material. If it is not available, then we can create this file and deploy in CPI.
Now how to get this known_host details (public key) of SFTP?
Option 1: get it from SFTP server admin.
Option 2: We can generate it ourselves using connection test in CPI tenant.
Operations view- > Manage security-> Connectivity test->SSH
Provide your virtual host created in Cloud connector, SFTP port, CPI location id and click send. It will generate the host key. We can copy this host key and update in known_host file.
Step 5: Deploy SFTP credentials in security materials.
Step 6: Create Integration Flow in CPI.
Content modifier header property is used to keep file name same as source.
Step 7: Now deploy the iflow.
Step 8: Testing the Iflow: I have placed the file on FTP server directory:
So, file Test_18_09_2021.txt has been picked up and sent to SFTP server location with same file name.
In this blog post we learnt about how to configure FTP and SFTP adapter in cloud platform integration using basic authentication.
References:
Configure the SFTP Receiver Adapter – SAP Help Portal
Configure the FTP Sender Adapter – SAP Help Portal
https://launchpad.support.sap.com/#/notes/0003076681
Happy reading 🙂
Thanks & Regards,
Nisha Shrivansh
Thanks for sharing, very useful 🙂
Nice blog! Thanks for sharing.
Just a basic question: what is the trigger of this flow?
Such as putting a file into the source directory, or the flow triggers itself every x minutes.
Best regards,
Mio
Hi, You need to schedule a time on scheduler option in FTP adapter, iflow pulls the file in that defined period.
Thanks & Regards,
Nisha Shrivansh
Thanks for your answer. Understood.
Best regards,
Mio
Hi Nisha,
Could you give us a view on how to maintain the values in known_host file
2. What if we have multiple SFTP servers connecting via different flows in same tenant
In this case, how do we differentiate multiple values in a known host file?
Thanks,
Dinesh
Hi Dinesh,
Sorry for late reply.
you can get the host key by performing the SSH connection test under connectivity test tile.
if there are multiple SFTP servers connected with same CPI tenant then we need to maintain all host key entries in the same known_host file.
Thanks & Regards,
Nisha Shrivansh
Hi Nisha,
Understood!
I'm connecting to the local system directory from CPI, below is the error I'm getting while generating fingerprint
Proxy-Type given as Internet
com.jcraft.jsch.JSchException: java.net.ConnectException: error 111 - Connection refused (Connection refused) (local port 54160 to address 0.0.0.0, remote port 22 to address X.X.X.X
Proxy Type given as On-Premise
com.jcraft.jsch.JSchException: Session.connect: java.net.SocketException: SOCKS5 command failed with status: FORBIDDEN
Any clue on what could be the issue?
Thanks,
Dinesh
Hi Dinesh,
I am also getting the same error , any idea on how to resolve this ?
Hi Sanjeeb,
In my case, it was cloud connector issue. I recreated the connection in CC and restarted the SFTP server then it started working
Thanks,
Dinesh
Hi Dinesh,
Thank you for the response. Its a FTP server on my side, I will see if restarting that makes any difference or not.
Hello Nisha,
In the blog you mention that "we need to maintain 2 connections. One is FTP control connection with port 21 and other one is FTP data connection with port data port range."
One is FTP control connection with port 21, I can see, the first scree print. What about FTP data connection with port data port range?