If you have been working with B2B with BTP Cloud Integration, you surely have come across the scenario where you need to test your iFlows configured with Client Certificate Authentication. if you need to test your AS2 inbound iFlow fast and easy you can use soapUI and get that testing underway. Below you will find a quick tutorial on how to set soapUI to call your AS2 endpoint.
Assumptions:
- You have created and deployed an iFlow using AS2 Sender Adapter.
Example:
- You have credentials with a valid role to execute iFlow's in the BTP Cloud Integration tenant.
- You have a private key in ".pfx" or ".p12" format.
Step 1: Create a new REST project in soapUI
Input: AS2 Endpoint from your deployed iFlow
Step 2: Create the mandatory AS2 headers
- mime-version: 1.0
- as2-version: 1.2
- subject: soapUImsg <-- You need to use the same value as configured in your iFlow as Message Subject
- ediint-features: multiple-attachments, CEM
- as2-from: soapUIasPartner <-- You need to use the same value as configured in your iFlow as Partner AS2 ID
- content-disposition: attachment; filename="your_file_name_HERE.txt"
- message-id: provide a unique ID
- as2-to: myCompanyID <-- You need to use the same value as configured in your iFlow as Own AS2 ID
- disposition-notification-to: URL in case of MDN
- from: Email address associated with Partner
- content-type: Application/EDI-X12
Step 3: Change the Method to POST, the Media Type to "text/xml" and add content in the body
Step 4: Add credentials to the request.
Scenario A) Basic Authentication > Navigate to Auth> Add new authorization > Basic > Type in credentials from service key
Scenario B) Client Certificate Authentication or TLS Mutual Authentication
In the Navigator panel, select the project folder and access the "Project View" by right click and select the option "Show Project View"
Select the "WS-Security Configuration" tab > then select the "Keystore" tab
Click on the green + button and browse for the private key with the ".pfx" extension.
Note: For the demo, I will use S-User SAP Passport. IMPORTANT: I have previously configured an instance on the BTP cockpit and created a corresponding service key.
Close the "Project View" and in the request properties pane select the keystore from the drop-down in SSL Keystore
Important Note that in
Trial accounts no SAP key pair is provisioned. Because of this client certificate-based inbound authentication cannot be used. You can only use basic authentication with
clientid and
clientsecret generated in the service key
.
Step 5: Submit Request
Scenario A) Click on the Play button. Navigate to Monitor Message Processing
Review Headers
Scenario B) Click on submit the request.
MDN response will be provided as a response if the disposition-notification-to header was provided.
soapUI Request - Response
Navigate to Monitor Message Processing > Select Message > Review Headers
Compare the "SapAuthenticatedUserName' header value with the client-id value from the service key.
Validate Payload
Here is an actual EDI file with MDN
MDN Attachment
Now you can test your EDI inbound scenarios and even set test cases using soapUI.
Happy testing
🖖🏻