Technical Articles
Connect SAP Platform Integration with Alert Notification Service (Cloud Foundry)
Recently I was following the following blog post while trying to set-up Alert Notification Service in our Cloud Foundry environment: https://blogs.sap.com/2019/10/14/receive-notifications-for-failed-sap-cloud-platform-integration-flows-via-any-channel-with-alert-notification/
However, due to the fact that the post was written for the Neo environment, I was missing some details regarding the set-up and configuration of the user credentials for the connection between the Cloud Integration IFlow and the ANS Service as well as from IFlow to the Cloud Integration API. Therefore I wrote this post in order to add and further explain the missing details.
Process to set-up the credentials
- First create an instance of the ANS in your Cockpit under “Instances and Subscriptions”. Click Create and choose “Alert Notification” form the dropdown.
- Create a service key for this instance by clicking on the instance name and then on the “Create” button next to “Service Keys”.
- Give it an arbitrary name (e.g. “Basic”)
- Enter the following in the JSON text area:
{"type":"BASIC"} - Click Create and then onto the name of the key. You will see the credentials, copy them.
- Now get the API service key credentials from your Process Integration Instance.
- You can use the default instance’s key (default_it-rt_api) if available, or create a new service key of type API (not integration-flow!) and assign the Monitoring Read role. Save the details from the JSON, you will need them later.
- You can use the default instance’s key (default_it-rt_api) if available, or create a new service key of type API (not integration-flow!) and assign the Monitoring Read role. Save the details from the JSON, you will need them later.
- Go to the Cloud Integration → Discovery → Search for Alert Notification and copy the package “Send notifications for failed Message Processing Logs” to your design space (Copy button at the top right).
- Create a new Security Artifact of type Oauth2 Client Credentials on Cloud Integration (CI). Enter your service key details from step 3. It’s the connection to the API of CI.
- Create another Security Artifact for the connection to the ANS. This is Basic authentication, so the type is User Credentials.
- Enter the details of the Service Key of the ANS instance. See step 2.
- Enter the details of the Service Key of the ANS instance. See step 2.
- Go to the Iflow and configure the externalized parameters as follows:
- CI Tenant Base URL:
Take it from your browser’s URL when you access CI. Update 1 April 2023: According to the comment below from Flavio Philippi you need to use the URL as shown in the Service Key dialog. - Authentication: In our case it must be Oauth 2. Basic won’t work for API access with a service key. It only works with an S-User (or any other user that is in a identity provider), but that is not suggested for a technical connection.
- Credential name: The security artifact name of step 4.
- CI Tenant Base URL:
- Clock on the tab “More”
- Enter the name of the security artifact for the connection to the ANS in the text box “Service Technical Client Name”:
- Enter the name of the security artifact for the connection to the ANS in the text box “Service Technical Client Name”:
-
- The resource event base URL you can copy from the service key on the ANS instance:
You then have to add the following path to the URL (that you’ve copied from the service key above):
- The resource event base URL you can copy from the service key on the ANS instance:
/cf/producer/v1/resource-events-
- Enter the name of the Security Artifact (from step 6) in the field “Service Technical Client Name”.
- Save the configuration and deploy the iflow.
Configuration of the ANS
- Access the ANS management console by clicking on the name of the ANS instance or using the button at the top right of the instances page (in your Subaccount > Menu “Instances and subscriptions”):
- Click “Export or Import” and paste the following sample code into the import window. Replace the email address placeholder with your own address. It creates a basic scenario that alerts your about all failed Iflows. You can configure it further. For this, see other documentations. This example is copied from the blog mentioned at the top.
{
"conditions": [
{
"name": "CPIIntegrationFlowIsFailed",
"propertyKey": "eventType",
"predicate": "EQUALS",
"propertyValue": "CPIIntegrationFlowExecutionFailure",
"labels": [],
"description": ""
}
],
"actions": [
{
"name": "SendMeAnEmail",
"state": "ENABLED",
"labels": [],
"description": "",
"destination": "<Enter your email here>",
"type": "EMAIL"
}
],
"subscriptions": [
{
"name": "FailedIFlow",
"conditions": [
"CPIIntegrationFlowIsFailed"
],
"actions": [
"SendMeAnEmail"
],
"labels": [
"CPI"
],
"state": "ENABLED",
"description": ""
}
]
}
Last but not least
Use the steps explained under “Configure SAP Cloud Platform Integration” in the blog post mentioned at the top in order to set-up the IFlow on Cloud Integration, which hasn’t changed.
I hope with this post setting up the Alert Notification Service becomes a piece of cake 🙂
Let me know if anything is unclear.
Hi Philippe,
Nice Blog.
Regards,
Mastan
Hi Phillipe,
If I use oauth as per your blog, I am getting 401. If I use basic user with my user, it works as I have full access. Could you help with it? I am using one of keys as highlighted below.
Thanks,
Hemant
It is working after creating instance for api instead of iflows and assigning monitoring read role.
Thanks for your feedback Hermant!
Thanks!
Your blog really helped a lot
Finally got around to tinkering with event based alerting for our failures and this blog filled in the gaps - the documentation in the CPI package had a lot of holes. I need to keep a custom flow for certain cases where we make use of escalation status to avoid endless JMS retries, but this can replace the custom management for iFlows that fail. Nice work supplanting the SAP help!
Glad it helped, Ryan!
Right, I remember that we also ran into the issue of the missing notification for the Escalated status.
Hii Philippe,
I done the configuration everything according to your blog but I am getting this error when I deploy the integration.
Error: com.sap.gateway.core.ip.component.odata.exception.OsciException: An exception of type 'WstxUnexpectedCharException' occurred., cause: com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character '=' (code 61); expected a semi-colon after the reference for entity 'client_id' at [row,col {unknown-source}]: [1,521]
Error Screenshot.
Can you please help me in this or if anybody has information regarding this please let me know?
Thanks
Shivam
Hi Shivam, did you find any fix for this error? I am having it too and can't find a solution for it.
Thanks,
Flavio
Hii Flavio,
No till now I don't find any fix for this error. That's why I ask Philippe Ador regarding this.
Hii Philippe Ador,
Can please help us to find the fix for the above error?
Thanks
Shivam
Shivam,
It seems that we cannot use the same URL (hostname) from CI anymore. I used the "URL" that was auto-generated when we create the Service Key to connect to the API.
And the flow finally worked fine:
Hope it helps you.
Best regards,
Flavio Philippi
Hii Flavio Philippi,
Thanks this fix works for me also. Thanks for sharing this info.
Best Regards
Shivam Sharma
Thanks for sharing, Flavio! Blog is updated with a remark.
Hi Philippe,
Thanks for sharing the blog, its really helpful to use the Alert notification Service.
I am trying build the same solution to my client in CPI but when searching for the Alert notification service in subaccount level, i did not found search service activated for my sub account.
Can you please let me know how can i get this service enabled?
Regards,
Sudesh T
Hi Sudesh,
goto Instances and sub and click on create
then search for Alert Notification
Hi Mastan,
Thanks for responding.
I have checked this option, but for my account I am unable to see Alert notification service from the drop down.
Regards,
Sudesh T
Hi Sudesh
Afaik it's not free to use. If you or your client wants to subscribe to it, you need to add the corresponding entitlement (see Entitlements in the menu further below, then click Configure Entitlements. You have to be a Global Account Admin).
Philippe
Hi Philippe,
How can we get this Entitlement added into our tenant, i have checked with lead who is a global account admin but he was also not able to see the Entitlement.
Regards,
Sudesh T