The OPI2 AS2 adapter enables SAP NetWeaver PI to transfer messages based on the standardized AS2 protocol.
The adapter is part of the OPI2 open source project for SAP NetWeaver PI. It is available on sourceforge in different versions (http://opi2.sourceforge.net). There you can also find detailed documentation that describes - among other things - the deployment of the adapter.
This how-to document (available also as PDF) is a step-by-step guide that shows how to use the OPI2 AS2 adapter based on two example scenarios. As partner system we use the mendelson AS2 server.
1. mendelson to PI (AS2 sender channel)
Please notice that the AS2-sender-channel automaticly sends back a “Message Delivery Notification” (MDN) to mendelson. (synchronous)
2. PI to mendelson (AS2 receiver channel)
Notice that mendelson sends back a MDN synchronously. This MDN has to be converted to an asynchronous message in order to save it to a file (via file receiver channel). Therefore we will use the adapter-module “ResponseOnewayBean” that acts as a synch-asynch bridge.
We will use the mendelson AS2 server as external system. For encryption and signature we will create keys and certificates that will be imported to mendelson and PI.
The mendelson AS2 Server can be downloaded at http://www.mendelson-e-c.com/products_os.php. To start the installation run the file „install_mendelson_opensource_as2_1.1b37.exe“ and follow the instructions.
For a first test you can start mendelson AS2 server and run following URL in your webbrowser:
http://<your_ip>:8080/as2/HttpReceiver
You should see the mendelson release and the message „You have performed an HTTP GET on this URL“.
The keys and certificates can be generated with Portecle. You can find Portecle on http://portecle.sourceforge.net/. Just use the launch button to start the programm.
For both parties we have to take following steps:
Remark: You can also generate the keys directly inside NWA. Here we will describe the creation of the keys using Portecle. Later we will import those keys into NWA.
We choosed following names:
PI | mendelson | |
keystore (filename) | TPI-as2-keystore | certificates.p12 |
keypair inside the keystore (alias) | TPI-as2-keypair | mendelson-as2-keypair |
exported certificate (filename) | TPI-as2-cer.cer | mendelson-as2-cer.cer |
Steps for mendelson keys/certificates
Generate keystore: File -> New Keystore
choose PKCS #12 and confirm with OK
Generate Keypair: Tools -> Generate Keypair
Export certificate: right-click the keypair -> Export
Keep configuration and save certificate (filename mendelson-as2-cer.cer)
Save keystore: File -> Save As (filename certificates.p12, choose password)
You have to repeat the steps to generate PI keystore, PI keypair and PI certificate.
mendelson
The mendelson AS2 Server uses a keystore file certificates.p12 in the installation directory of mendelson. This keystore must contain the private key of mendelson and the certificate of PI.
File -> Preferences -> Security Tab -> Keystore password (encryption/signature)
PI
In PI the keys and certificates are maintained in the NWA. There we will need the private key of PI and the certificate of mendelson.
Start mendelson AS2 Server, klick Partner and add two parties:
mendelson_AS2
The checked box Local station specifies that this party represents the mendelson AS2 Server itself. We need to maintain a unique AS2 ID for each of our AS2 partners. We will have to maintain the same AS2 IDs later when we create the Parties inside PI.
We use the same private key (of mendelson) for both decryption and signature creation.
The MDN URL is used when we send messages out of mendelson. It specifies where the receiver system should send the MDN to.
TPI_AS2
This Party represents an external system (PI).
We use the same certificate (of PI) for both encryption and signature validation.
To send the AS2 Message to PI AS2 adapter you have to use following Receipt URL:
PI 7.3x
http://<host>:<j2eeport>/AS2HttpAdapter/AS2AdapterFacade?
FS=<from_service>&TS=<to_service>&IF=<outbound_interface>&NS=<interface_namespace>
older releases
http://<host>:<j2eeport>/AS2HttpAdapter/servlet/AS2AdapterFacade?
FS=<from_service>&TS=<to_service>&IF=<outbound_interface>&NS=<interface_namespace>
for our case we have
http://<host>:<j2eeport>/AS2HttpAdapter/AS2AdapterFacade?
FS=mendelson_AS2_Service&TS=TPI_AS2_Service&IF=CustomerOrder_out
&NS=http://cbsgmbh.com/pi/PA/TRN/LGCY01/SalesOrderCycle/KMO/10
At the moment the OPI2 AS2 Adapter supports only synchronous MDNs. We request a signed MDN.
The values of the other tabs can be kept on default.
For both Scenarios
Create a Party and a Business Component for both mendelson and PI. Choose the Service Interfaces you want to use.
Party
Remark: The values under Agency and Scheme are fix. Notice that for the key “AS2 ZZZ 117” there are two subsequent spaces in each case.
Business Component
Scenario 1 (mendelson to PI)
When you create the Integrated Configuration you have to maintain a Virtual Receiver because the AS2 message has the attributes To-Party and To-Service when it enters PI. (To-Service is specified in the Receipt URL of the mendelson partner configuration)
OPI2 AS2 Sender Channel (with keys and certificates)
Scenario 2 (PI to mendelson)
After sending the AS2 message to mendelson the MDN of mendelson is transformed to an asynchronous message using the Module “Response Oneway Bean” in the OPI2 AS2 receiver channel. This asynchronous message is processed by a second Integrated Configuration, which must use the receiver interface of the AS2 message to mendelson as sender interface. (Remark: since this is an inbound Interface, you cannot choose it using the value help. You have to type the name.) The SOAP sender channel we use is just a dummy to enable the creation of the Integrated Configuration.
Integrated Configuration for the message of PI to mendelson
Here we don’t need a Virtual Receiver.
Remark: For this scenario (AS2 inbound message / receiver channel) you can alternatively set the message header (sender party, sender component, receiver party, receiver component) in the tab Outbound Processing. You have to work this way if the real sender component of the message is not assigned to a party.
Integrated Configuration for the MDN of mendelson to PI
We need a Virtual Receiver again because the asynchronous message we get back after processing by the Response Oneway Bean has the attributes To-Party and To-Service.
OPI2 AS2 Receiver Channel (with keys and certificates)
Module Configuration of the OPI2 AS2 Receiver Channel
mendelson to PI
Start the mendelson AS2 server, choose File -> Send file to partner and choose the sender, the receiver and the file you want to send.
After pushing Ok you should get the information that the message is successfully encrypted, signed and sent to the receiver and that a MDN is received successfully.
Also have a look at the message in Communication Channel Monitoring and Message Monitoring.
PI to mendelson
Put the file you want to send in the source directory of your file sender channel. As soon as the file is processed by PI you should see some informations in mendelson telling you that the message is successfully received and decrypted, the signature is verified successfully and a MDN is sent back synchrounously.
Also check in Message Monitoring that the MDN is successfully received and processed by PI.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
9 | |
4 | |
4 | |
4 | |
3 | |
3 | |
3 | |
3 | |
3 | |
3 |