SAP Multi-Bank Connectivity is an SAP Business Technology Platform (BTP) solution managed by SAP to provide customers connectivity with their banks.
SAP Multi-Bank Connectivity is based on integration services deployed in the SAP Cloud that enable the integration of business processes spanning different departments, organizations, or companies.
For the integration between the customer's SAP system and SAP Multi-Bank Connectivity, the connector for SAP Multi-Bank Connectivity is utilized. All messages to and from SAP Multi-Bank Connectivity pass through the connector. Message monitoring is available at the connector for SAP Multi-Bank Connectivity using either the classical Connector Monitor (/BSNAGT/MONITOR, for releases before SAP S/4HANA 1909 FP01) or the Manage Bank Messages SAP Fiori app (starting at SAP S/4HANA 1909 FP01 or SAP S/4HANA Cloud).
Each message sent through the connector for SAP Multi-Bank Connectivity has a Sender ID, Receiver ID, message type, filename, message content, as well as other context information, such as SWIFT parameters or approval user information required for the integration towards the banks.
From the MBC landscape perspective, there are 2 MBC tenant provided. One tenant is connected to SAP Non-Production environment and another tenant is connected to SAP Production environment.
Especially for Non-Production SAP Landscape, consisting of Dev/QA/Pre-Prod systems, it is important to note that, only one SAP system can connect to test MBC tenant at a time, therefore it becomes critical to choose the phase in the project lifecycle, when the test MBC tenant will be pointing to Development/Demo system and when it should be integrated to QAS/UAT/SIT system.
Also it should be noted that connection to MBC is client specific, meaning, if the QAS system is having 2 client let's say 100 and 200, then the end points (covered later in this blog) provided by MBC team will be different for 100 and 200 and it will have different client specific RFC connections. And it will be connected to either QAS-100 or QAS-200 client at a time.
Direct connection from backend SAP system to the SAP MBC tenant should be allowed. This is to establish connectivity between on-premise SAP systems and SAP MBC tenants.
There are 2 types of configuration possible for ERP systems to SAP MBC:
This blog covers HTTP connectivity option.
Following prerequisites are required for performing ERP system integration to SAP MBC:
Get SSL Client Standard PSE certificate (own-certificate) CA signed for Transport Level Security. This is a mandatory prerequisite step to enable ERP system to exchange messages with MBC tenant. This step is required to be completed before the MBC onboarding phase.
Follow below procedure to get SSL Client Standard PSE certificate CA signed.
Once the SSL Client standard PSE certificate is signed by SAP trusted CA, export this certificate (own-certificate) and send to MBC Onboarding team. MBC team will upload this certificate to relevant MBC tenant.
For the easy of certificate maintenance, one CA signed certificate can be used for Non-Production environment by maintaining SAN names for all the non-production system while creating the certificate signing request (CSR).
Configure SSL Client Standard PSE by importing Root and Intermediate certificates of MBC Load Balancers.
As a pre-requisite check applicability of below SAP Notes, depending on the Support Pack and version of your ERP system
3091189 - Objects for direct http communication (HTTP API)
3103718 - Mention RFC Destination for HTTP API
3133824 - Maintenance view for HTTP API settings
Before proceeding with configuring the destinations, make sure direct connectivity is enabled and certificates are exchanged between MBC and ERP system.
While sending the CA signed certificates to MBC, also mentioned the SAP SID and SAP Client for which MBC connectivity would be configured. In return to this, MBC team would be sending following details:
To create the RFC destinations, login to SAP system and execute SM59 transaction. Use below details
To create the RFC destinations, login to SAP system and execute SM59 transaction. Use below details
The result of the connection test is expected to HTTP-500. If that is the result then connectivity to MBC is assumed to be established. Actual connectivity can only be determined when payload is passed using these RFC connection to the MBC tenant.
Login to SAP System and execute SPRO --> Multi-Bank Connectivity --> Maintain Routing Settings.
Create new entry with following details and SAVE the changes.
To pull messages from MBC, you need to setup default pull type that uses HTTP API
To set this, proceed with maintaining following configuration in SPRO --> Multi-Bank Connectivity --> Maintain Pull Type and SAVE your changes.
Along with TLS, MBC uses Message Level Security (MLS) for
Follow below steps for configuration Message Level Security
Hash Algorithm : SHA256
Encryption Algorithm: AES128-CBC
Select Checkbox: Include Certificate and Digital Signature with Data
Execute transaction STRUST and you will see an entry for SSF BSNAGT. Initially the BSNAGT entry would have a cross sign as the PSE would not have been created.
Right Click on BSNAGT entry and create PSE, provide necessary details and you will have BSNAGT PSE created, similar to below.
Export the own certificate for BSNAGT PSE and send the certificate to SAP MBC team.
SAP MBC team would provide the MLS certificate to be imported in to BSNAGT PSE. Once received, import the certificate into BSNAGT PSE.
Go to SPRO, and navigate to below configuration item
Add new entry and maintain following,
Messages can be monitored using /n/BSNAGT/MONITOR (Connector Monitor)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
19 | |
13 | |
8 | |
8 | |
7 | |
6 | |
5 | |
5 | |
5 | |
5 |