cancel
Showing results for 
Search instead for 
Did you mean: 

Trading Partner Management: Problem with Partner IDs

philippeaddor
Active Participant
0 Kudos

We're trying to use the Trading Partner Management with the (recently updated) TPM IFlows (Package "Cloud Integration - Trading Partner Management") for the first time and are facing the problem that inbound AS2 messages result in this error:

com.sap.it.api.pd.exception.PartnerDirectoryException: No partner registered for the incoming request

As far as I can see, the partner lookup is done via the AS2 partner ID (and not the ID from the message payload UNB segment (in EDIFACT)).

When I look into the mapping script where the error probably occurs, I see that reading the sender ID (and other header properties too) is commented out. (The trace for some reason ends with the first step (AS2 sender channel) and shows the error there. However, I'm not sure if the AS2 channel already tries to access the PD).

That's the line I'm talking about:

 //def sndAS2OwnID  = headers.get("SAP_AS2OwnID")

But maybe I made a configuration error in TPM or when sending the message. I use Mendelson to test it and am not sure if the AS2 partner and receiver ID are the ones that TPM is matching with the ID on the Identities tab. Can somebody let me know if you're able to run this TPM flow successfully?

Thank you

Accepted Solutions (1)

Accepted Solutions (1)

philippeaddor
Active Participant

Thanks ryan.crosby2 for the valuable input! I'm one step further! Thanks to the linked Design Guidelines page, I realized that the error definitely occurs during inbound processing in the AS2 adapter during the lookup of the certificates, where you pointed me to. I found out that the sequence for this lookup is as follows:

1. search PD table AuthorizedUsers for the user that did the Basic Authentication when calling the channel.

2. Fetch the certificates linked to this users in the BinaryParameters table.

The sentence "The Partner Id is determined according to the sending user (Authorized User)" here ("Use the AS2 Adapter with Dynamic Encryption and Signature Verification") did it.

I then started playing with the there mentioned example AS2 sender IFlow which made clear wehre the problem lies:

I used one of my S-Users for the authentication and have maintained it via TPM ("User Account" in the partner system's sender communication channel). As I checked with Postman in the PD API, the S-User got correctly maintained in the AuthorizedUsers table. Now the thing is that this S-User is linked to my SAP Universal User... And then it turns out that the AS2 adapter takes the S-User and pulls its email address (user name of the Universal User) in order to perform the PD lookup! Naturally I have assumed that the username in the PD is equal to the one from the Basic Auth...

Unfortunately the error message doesn't say that and the header SapAuthenticatedUserName, that is read by the script in the PD example Iflow and apparently set/used by the adapter for the lookup, is not yet visible in the trace of the AS2 sender step. So I had no clue until I removed the certificate/signature validation and let the message pass to the script where I then saw the different username in the header!

One more potential source of failure when using TPM: After changing the setting "User Account" in the partner system's communication channel one has to reactivate the partner's Agreement (deactivate and reactivate). Only then the PD "AuthorizedUser" record gets updated with the new value of the configured user account!

Summary: Use the email address of the Universal User for the partner's "User Account" setting in TPM (or AuthorizatedUsers in TP), or better (and for productive use for sure), create a service key on Cloud Foundry (would need for each partner one Integration Flow Instance so that the user name is different per partner) or technical S-User that is not linked to any Universal Account.

Answers (2)

Answers (2)

Ryan-Crosby
Active Contributor

Hi Philippe,

The partner id in the sender AS2 flow is retrieved based on the sender public key information (i.e. pd:SenderPublicKey) and that key has to be recorded in the partner directory based on the information provided in his help page - Certificates for Partner Directory. It does reference Mendelson, but it is also relevant for straight partner integration. I cannot speak for anything else in the TPM flows because we are not using those, but I do know that is how the dynamic AS2 flow works.

Regards,

Ryan Crosby

philippeaddor
Active Participant
0 Kudos

Thanks Ryan for the valuable input! I'm one step further! See my own answer below (for better readability). In short: The TP partner ID is actually determined based on the username of the Basic Auth which has to be added to TP's AuhorizedUser table. And in case it's a S-User with Universal Account, one needs to add the email instead of S-User despite using the S-User for the Basic Auth.

VijayKonam
Active Contributor
0 Kudos

I am working on the IDoc to As2 side and it took for me to understand how the SAP_TPM_<partner digest> is being created. Enable trace and check the Digest key. This is something like 1234566-AS2--sfkdf-sdfsdf etc. I had to tweak the partner configuration to match the sequence that is used in the Groovy scripts.

For instance, I have to use SAPCLNTXXX format as my identifier for the IDoc iFlow. Hope this helps.

philippeaddor
Active Participant
0 Kudos

Thanks Vijay for your hints. I have already managed to configure the direction SAP IDoc to AS2. You're right, I also had to use the logical system name (as in the IDoc header field SNDPRN) in my case to make TPM find the agreement.

nandhini_91
Explorer

Hi Vijay,

I am working on IDOC >> AS2 scenario and have configured IDOC identifier as SAPClientSNDRPRN but unfortunately it's failign in the groovy as it is not able to find the Partner Id.
Below is the error

javax.script.ScriptException: java.lang.Exception: java.lang.IllegalStateException: Parameter recDocumentStandard not found for
Partner ID: SAP_TPM_52d883311189fd59490b956452d3632a
Match String: IDOC-SAP_IDoc--1809_FPS02-XXXXXXX-----SCIDEV-----ORDRSP.ORDERS05.ZORDERS0501
@ line 401 in callPDwithHeaderParameters.groovy, cause: java.lang.IllegalStateException: Parameter recDocumentStandard not found for
Partner ID: SAP_TPM_52d883311189fd59490b956452d3632a
Match String: IDOC-SAP_IDoc--1809_FPS02-XXXXXXX-----SCIDEV-----ORDRSP.ORDERS05.ZORDERS0501

Can you please help me here ?

Thanks,

Nandhini R.

former_member105769
Participant
0 Kudos

Did you find a solution for this error?