SEEBURGER SFTP Adapter for SAP NW Process Integration Configuration Guide Release 2.1.5 January 18, 2011


Table of Contents

1 Terms and Definitions
2 Introduction
    2.1 Purpose
    2.2 Integration
    2.3 Features
    2.4 Restrictions
3 Channel Configuration
    3.1 Use
    3.2 Requirements
    3.3 Actions
        3.3.1 Resource Management
        3.3.2 Receiver Channel (Outbound Processing)
            3.3.2.1 Payload Handling
        3.3.3 Sender Message Channel (Inbound Processing)
        3.3.4 Message Splitting
            3.3.4.1 Payload Handling on POLL
            3.3.4.2 Polling Retries
        3.3.5 Sender Report Channel (Inbound Processing)
        3.3.6 Dynamic Attributes
            3.3.6.1 Outbound Direction
            3.3.6.2 Inbound Direction
        3.3.7 MessageIDStore
            3.3.7.1 Proxy Mode
4 Log Configuration
5 Appendix A: Sample Scenario
6 Appendix B: Supported Servers

Copyright (c) 2010 SEEBURGER AG (http://www.seeburger.de). All rights reserved.

If (registered or pending) trademarks are named in this document, the rights of the respective proprietors apply.

Note: False configuration and/or improper use of communication components may cause high costs. Also consider configuration changes initiated by your telecommunication provider. SEEBURGER is not liable for related additional costs.

Note: We expressly declare that the document "SEEBURGER Legal Information" (delivered also with your BIS installation media) is part of this documentation.

Figures

3-1 Processing Sequence/Module Configuration

1 Terms and Definitions

| Abbreviation/Term | Explanation |
|---|---|
| AS1 | (Correct: EDIINT AS1:) Applicability Statement 1 (See RFC 3335) |
| AS2 | (Correct: EDIINT AS2:) Applicability Statement 2. |
| CAPI | Common ISDN application programming interface: An API standard used to access ISDN devices (e.g. ISDN card). |
| CCITT | Committee Consultative International Telephone and Telegraphic: Former name of the technical committee of the ITU. |
| Communication channel | Refer to the SAP Exchange Infrastructure documentation. |
| Converter | The SEEBURGER Business Integration Converter (BIC) module. See BIC documentation. |
| ebXML | Electronic Business using extensible Markup Language |
| EDI | Electronic Data Interchange |
| EDIFACT | Electronic Data Interchange for Administration, Commerce and Transport. (http://www.unece.org/trade/untdid/welcome.htm). |
| EDIINT | EDI over INTernet |
| EERP | (End to End Response): Facility of OFTP used as reception acknowledgement. |
| EFID | (End File) frame of the OFTP protocol used for indicating the end of a file. |
| EFNA | (End File Negative Answer) frame of the OFTP protocol used for rejecting an EFID frame. |
| ESID | (End Session) frame of the OFTP protocol used to close a connection. |
| EXITE/ECODEX | Popular VAN protocol from IBM. |
| FTP | (File Transfer Protocol): TCP based protocol for file exchange. Based on RFC950 |
| FTP VAN | VAN network using FTP protocol as a gateway for the users. |
| GE_MARK_III and GE_MARK_3000 | Popular VAN protocols from GE Information Services. |
| GEIS | The marketing name of GE_MARK_III protocol. |
| HTTP | HyperText Transfer Protocol |
| IBMIE | (IBM Information Exchange): Popular VAN protocol from IBM |
| IETF | Internet Engineering Task Force. |
| IMAP4 | Internet Message Access Protocol Version 4 (See RFC 2060) |
| IPM | Inter Personal Message: X.400 message, can be compared to an e-mail in Internet Mail. |
| IPN | Inter Personal Notification: X.400 notification, used for receipt notifications and delivery reports. |
| ISDN | Integrated Services Digital Network: Communication standard for sending voice, video, and data over telephone lines. |
| ISO | International Organization for Standardization. |
| ITU | International Telecommunication Union. |
| MDN | Message Disposition Notification. |
| MIME | Multipurpose Internet Mail Extensions (RFC 2045) |
| Module sequence | Refer to the SAP Exchange Infrastructure documentation. |
| MS | Message Store: Located between an MTA and a UA. Serves a single UA and interacts with the MTA instead of the actual UA. |
| MTA | Message Transfer Agent: Message switch in a mail network (usually SMTP server) |
| ODETTE | Organization for Data Exchange by Tele Transmission in Europe. |
| OFTP | Odette File Transfer Protocol. Communications standard used in EDI transactions, especially, but not only, in the automotive industry. |
| P1 | Protocol for communication between X.400 MTAs. |
| P2 or P22 | Protocol for communication between X.400 UAs. |
| P3 | Protocol for communication between X.400 MTA and X.400 UA or MTA and MS. |
| P7 | Protocol for communication between X.400 MS and X.400 UA. |
| POP3 | Post Office Protocol Version 3 (See RFC 1939) |
| PSAP | Presentation Service Access Point: Entry point to the presentation layer (Layer 6 in the OSI model). |
| SCP | Secure Copy Protocol: This standard is a previously established protocol that provides only secure file transfer. |
| SFID | (Start File) frame of the OFTP protocol used for signalling the beginning of a file. |
| SFNA | (Start File Negative Answer) frame of the OFTP protocol used for rejecting a SFID frame. |
| SFTP | SSH File Transfer Protocol: The SSH File Transfer Protocol (SFTP) provides secure file transfer and file access on a remote file system over any |
| SigG | German signature law (“Signaturgesetz”) |
| SMTP | Simple Mail Transfer Protocol (See RFC 2821) |
| SOAP | Simple Object Access Protocol |
| SSAP | Session Service Access Point: Entry point to the session layer (Layer 5 in OSI model). |
| SSH | Secure Shell: A protocol for secure remote login and other secure network services over an insecure network. |
| SSID | (Start Session) frame of the OFTP protocol used during connection setup. |
| SSL | Secure Socket Layer: Protocol for encrypting TCP communication. |
| TCP | Transmission Control Protocol: Communications standard used in TCP/IP networks (e.g. the internet), which allows two computers to establish a connection and to exchange data. |
| TSAP | Transport Service Access Point: Entry point to the transport layer (Layer 4 in OSI model). |
| UA | User Agent: Interface between the user and the message transfer system (i.e. MS using P7 or MTA using P3). |
| VAN | (Value Added Network): Proprietary communication network providing some added services to the end user – security, traceability, replies, etc. |
| X.25 | Standard for packet-switching networks. |
| X.400 | Message Handling Services: Standard for electronic mail exchange (similar to internet mail), defined by recommendations of the CCITT (now ITU in 1984) and CCITT/ISO (1988). |
| XML | eXtensible Markup Language |
| XML document | SAP Exchange Infrastructure message format, based on XML. Therefore, the present document refers to the messages processed by SAP Exchange Infrastructure as an XML document. |

2 Introduction

2.1 Purpose

The SEEBURGER SFTP Adapter is responsible for transmitting files according to the SFTP protocol. This protocol is commonly used in Business-to-Business scenarios.

2.2 Integration

The adapter can be configured in the configuration part of the Integration Builder. The adapter is based on the Adapter Framework and is executed by the SAP J2EE Adapter Engine as shown in the diagram.

2.3 Features

The adapter supports:

• SFTP: for sending and receiving files
    • PUT: supports appending to the target file, overwriting the target file, failing on an existing target, and generating a unique target file name.
    • GET/POLL: specify the full file name to fetch (no wildcard) or fetch files using wildcards.
    • DELETE: retrieved files can be deleted or left on the remote server depending on the settings in the channel.
• SCP: for sending files.
• RSA and DSA keys.
• Password, keyboard-interactive and private key authentication methods.
• Keep an SSH connection open for a certain time (Keep-Alive).
• Proxy support: HTTP and SOCKS 4/5 proxies.
• Provides FIPS mode by applying a FIPS-140-compliant cryptography module.

2.4 Restrictions

• SFTP Adapter only supports SFTP V3 or lower.
• Adapter doesn't support SFTP version 4: no text mode, no canonical newline character, no UTF-8 file names; all these features are part of SFTP V4.
• The following SFTP commands are not available: ls, chmod, chgrp, chown, symlink.
• Case-insensitive polling/getting is not supported.
• The SFTP Adapter doesn't support diffie-hellman-group14-sha1 key exchange.

3 Channel Configuration

3.1 Use

The SEEBURGER SFTP Adapter must be configured in order to exchange files with your business partners over the SFTP protocol.

3.2 Requirements

The SEEBURGER SFTP Adapter and its metadata file must be installed.

3.3 Actions

1. To configure the adapter, select the SFTP adapter type in the communication channel.

2. Select whether the adapter will be used in a sender or receiver channel, and which message protocol will be used: SCP or SFTP.

If you selected a sender channel, only the SFTP protocol can be selected.

Public Keys Administration

Whenever the SFTP adapter establishes an SSH connection to a server, it receives the public key of the server and checks whether the key (and therefore the server) is known by the adapter. This key is used for the authentication of the server.

If it is a known key, the connection proceeds. If not, the connection fails and the public key of the server is stored in a Pending keys store view. The pending keys view name is defined over the hostPendingStore MCF property. You already created this view during the adapter setup process.

Pending keys should be reviewed by an administrator and manually moved (use the Import from Other button in the NWA) to the Known keys store view. The name of the Known keys view can be any name you enter in the configuration of the communication channel.

New keys to be stored in the Pending keys view must first be converted to a certificate. For this purpose, the adapter creates a certificate with the key of the new host using the CA keys defined over location information in the MCF properties hostDSACA and hostRSACA. The CA keys must be created during the adapter setup process. This process is transparent for you and does not require any maintenance.

Fingerprint Verification

The fingerprint of the SSH host is written in the OU element of the distinguished name (DN) of the generated certificate. This string must be compared with the real fingerprint of the particular host. This fingerprint can usually be requested from the administrator of the SSH host.

If the widespread OpenSSH daemon is used, the fingerprint of the public key can be computed and displayed using the command:

    ssh-keygen -l -f <path to SSHD public key file>

Attention: Do not use the fingerprint field of the generated certificate. The value of this field is related to the generated X.509 container certificate. Always use the OU value of the distinguished name (DN).

Private Keys Administration

A common way of user authentication in an SSH server is the user/password approach. However, it is also possible to use a private key for such authentication. In this case the private key must be available in the NWA key storage service.

You must select Private Key Authentication as authentication method in the communication channel, and enter a private key name which must have the format USERS\viewname\entryname.

Your public key must of course be known by the SSH server and must be assigned to your user. This configuration must be done by the server’s administrator.

Example for Private Key Setup

There are two approaches to create such a key.

The first one is the creation of such a key on the SSH server that will be accessed with that key. The SSH server usually has such tools. In this case the remotely generated key must be imported into the NWA key storage service in an appropriate format. This import has often caused problems due to marginally different key formats that are rejected by the NWA key storage service and is therefore not recommended.

The second approach generates the key using the NWA key storage service. This key is later exported to the SSH user's home directory at the SSH server. This approach works for at least the widely used OpenSSH server and is described in detail below:

1. Open the NetWeaver Administrator (NWA) | Key Storage.
2. Select the view you are using for your private keys and click on the Create button.
3. Enter an entry name and make sure to check the Store Certificate option, then click the Next button.
4. Enter the Subject properties for your private key and click on the Finish button.
5. Select your private key and click on Export To File.
6. Select export format PKCS#8 Key Pair and download the PKCS#8 Key Pair File.
7. Use OpenSSL to convert the DER-encoded private key to a PEM-encoded one (which is needed by OpenSSH's keygen tool). You can use the following command:

    openssl pkcs8 -nocrypt -inform DER -in <filename_of_private_key>.p8 -outform PEM -out <filename_of_private_key>.pem

8. Move the PEM-encoded private key to your SSH/SFTP server, into your user's home directory.
9. Restrict the file permissions with the following command:

    chmod 600 <filename_of_private_key>.pem

10. Use the ssh-keygen tool to extract an OpenSSH public key:

    ssh-keygen -y -f <filename_of_private_key>.pem

    The output should look like this:

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQD4JjfFek/A6Lee9LQtnpx9uPDlnLSy1VRO2bqwvJAO3GLe5z81/8wCGf6ADEfythsyD8+VG8mMYFyROJpDt/K2dfHLuLAx6cObXO+Q5Q4BrCHhuBDXleF8yOSTzAqWfIwiPW/ZBQq8Z1BJxwgbue4MNkMlQRKQYiZITWzcdNBy4w==

11. Append this public key to the .ssh/authorized_keys file:

    ssh-keygen -y -f <filename_of_private_key>.pem >> .ssh/authorized_keys

12. Delete the private key file.
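The following Python sketch is an added example, not SEEBURGER or SAP code. It parses an OpenSSH public key line (such as the ssh-keygen -y output in step 10), reports key type and size, and compares the key's fingerprint with the OU value of a certificate DN as described under Fingerprint Verification. The function names and the sample DN are hypothetical, and it is an assumption that the OU holds an OpenSSH-style MD5 (colon-separated hex) or SHA256 fingerprint; the guide does not specify the format.

```python
import base64
import hashlib
import re
import struct

# Public key line shown as sample output in step 10 of this guide.
PAGE_SAMPLE_KEY = (
    "ssh-rsa "
    "AAAAB3NzaC1yc2EAAAADAQABAAAAgQD4JjfFek/A6Lee9LQtnpx9uPDlnLSy"
    "1VRO2bqwvJAO3GLe5z81/8wCGf6ADEfythsyD8+VG8mMYFyROJpDt/K2dfHL"
    "uLAx6cObXO+Q5Q4BrCHhuBDXleF8yOSTzAqWfIwiPW/ZBQq8Z1BJxwgbue4M"
    "NkMlQRKQYiZITWzcdNBy4w=="
)


def parse_public_key(line):
    """Parse '<type> <base64> [comment]' and return (key_type, blob, bits)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob is a sequence of length-prefixed strings (RFC 4253, section 6.6).
    parts, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated key blob")
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + length > len(blob):
            raise ValueError("truncated key blob")
        parts.append(blob[pos:pos + length])
        pos += length
    if not parts or parts[0] != key_type.encode("ascii"):
        raise ValueError("key type does not match the encoded blob")
    if key_type == "ssh-rsa" and len(parts) == 3:      # name, e, n
        bits = int.from_bytes(parts[2], "big").bit_length()
    elif key_type == "ssh-dss" and len(parts) == 5:    # name, p, q, g, y
        bits = int.from_bytes(parts[1], "big").bit_length()
    else:
        raise ValueError("unsupported or malformed key: " + key_type)
    return key_type, blob, bits


def fingerprints(blob):
    """Return the MD5 and SHA256 fingerprints in the forms ssh-keygen -l prints."""
    md5 = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha256,
    }


def ou_from_dn(dn):
    """Return the OU value of a DN string such as 'CN=host,OU=<fingerprint>,O=x'."""
    match = re.search(r"(?:^|,)\s*OU=((?:\\.|[^,\\])*)", dn, re.IGNORECASE)
    if not match:
        raise ValueError("DN has no OU element")
    return re.sub(r"\\(.)", r"\1", match.group(1)).strip()


def verify_host_key(cert_dn, public_key_line):
    """Return 'md5' or 'sha256' if the OU matches the key's fingerprint, else None."""
    _, blob, _ = parse_public_key(public_key_line)
    expected = fingerprints(blob)
    ou = ou_from_dn(cert_dn)
    # Assumption: the OU carries either fingerprint form; colons and case may vary.
    if ou.replace(":", "").lower() == expected["md5"].replace(":", ""):
        return "md5"
    if ou.split(":", 1)[-1].rstrip("=") == expected["sha256"].split(":", 1)[1]:
        return "sha256"
    return None


if __name__ == "__main__":
    key_type, blob, bits = parse_public_key(PAGE_SAMPLE_KEY)
    fp = fingerprints(blob)
    print(key_type, bits, "bits", fp["md5"], fp["sha256"])
    # Constructed DN standing in for the certificate in the Pending keys view.
    pending_dn = "CN=sftp.example.test,OU=" + fp["md5"] + ",O=Constructed"
    print("OU matches host key:", verify_host_key(pending_dn, PAGE_SAMPLE_KEY))
```

For the sample key printed in step 10 the parser reports an ssh-rsa key with a 1024-bit modulus. A result of None from verify_host_key means the pending key should not be moved to the Known keys view.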

3.3.1 Resource Management

The resource management helps you prevent concurrent connections to the SFTP server. This is achieved by entering a logical resource name in the resource ID field of the sender or receiver channel. All channels using the same resource ID value will be synchronised so that only one of them will perform a transmission at a time.

Note that the logical resource name must have been previously defined in the resource management front end (please refer to the respective chapter in the “Master Configuration Guide”).

You must use a resource ID at least in the following situations:
- You use 2 or more sender channels for polling files in the same SFTP server and directory.
- You use only 1 sender channel for polling files in a SFTP server’s directory but you have more than 1 J2EE engine server process.

3.3.2 Receiver Channel (Outbound Processing)

If the adapter is being used in a receiver channel, it obtains a message from the Integration Engine and transmits it to a business partner. In this case, the following steps are required:

1. Define the channel as a Receiver channel in the Parameters tab.

2. Ensure that the module Seeburger/solution/<solutionName> exists in the Module tab. The variable <solutionName> is the current name of the used solution.

| Module Name | Type | Module Key |
|---|---|---|
| localejbs/Seeburger/solution/<solutionName> | Local Enterprise Bean | solutionid |

3. Ensure that the module ModuleProcessorExitBean in the Module tab is listed as the last one in the module sequence:

| Module Name | Type | Module Key |
|---|---|---|
| localejbs/ModuleProcessorExitBean | Local Enterprise Bean | Exit |

With the module parameter:

| Module Key | Parameter Name | Parameter Value |
|---|---|---|
| Exit | JNDIName | deployedAdapters/SeeXISFTP/shareable/SeeXISFTP |

4. Set the channel parameters in the Parameters tab. The connection parameters are:

Connection

| Parameter | Entry |
|---|---|
| Host name | SFTP server host name. |
| Port | SFTP server port number. |
| Known hosts store | Key Storage service view where the certificates of the remote hosts have been stored. The name must have the format: USERS\viewname\* . For example USERS\trusted_hosts\* would use the view trusted_hosts as store for the public keys of the hosts you connect to. |
| Resource ID | Resource ID value. See resource management section. |

Extended settings

| Parameter | Entry |
|---|---|
| Keep alive | The Keep-Alive mechanism is used to keep an SSH connection open within a configurable timeout (Default: 60 seconds). This feature is especially useful to reduce the number of SSH connection handshakes if a large number of files is transferred to the same destination host. Advantage: You do not have to establish a new SSH session after each transfer (establishing a new SSH session is a quite performance- and time-consuming operation). The timeout interval can be configured in the MCF. Unless you expect a large number of different destinations and little connection re-use, using this feature is strongly recommended. |
| Prefer RSA Key | Provides selection between RSA and DSA key if the server supports both of them. |
| Preferred Cipher | Sets the preferred encryption algorithm. |
| Preferred MAC | Sets the preferred MAC. |
| Preferred keyexchange | Sets the preferred key exchange algorithm. |
| Packet Length | Sets the maximum allowed packet length. |

Proxy

| Parameter | Entry |
|---|---|
| Proxy mode | Select whether a proxy should be used or not. |
| Proxy server | Proxy server name or IP address. |
| Proxy port | Proxy port number. |
| Proxy user | For proxy authorization (if required). |
| Proxy password | For proxy authorization (if required). |
| Protocol | Proxy protocol, HTTP or SOCKS. |
| Server version | Proxy protocol version. |

Dynamic Attributes

| Parameter | Entry |
|---|---|
| Use dynamic attributes | If checked, the dynamic attributes of the XI message will be used by the SFTP adapter. |
| Use non-empty attributes | If checked, all non-empty attributes in the XI message will be used by the adapter. Otherwise you must select one by one the attributes you want to use. |
| Fail if adapter specific attributes are missing | If Use non-empty attributes has not been selected, you have to select the attributes to be used. This flag lets you define the attributes as optional or mandatory. |
| Subject | Filename on the remote server. |
| Attachment name | If checked, the Attachment Name attribute will be used as a name of the payload attachment, if it is specified in the XI message. |
| Host | If selected, this attribute will be read from the XI message. |
| Port | If selected, this attribute will be read from the XI message. |
| User | If selected, this attribute will be read from the XI message. |
| Password | If selected, this attribute will be read from the XI message. |
| Private key | If selected, this attribute will be read from the XI message. |
| Base directory | If selected, this attribute will be read from the XI message. |

Authentication

| Parameter | Entry |
|---|---|
| User | User name used for authentication. |
| Authentication | Method of authentication. |
| Password | For password and keyboard-interactive methods. |
| Private key | For Key authentication method. The name of the key must have the format USERS\viewname\keyname where viewname is the name of the view in the NWA key storage and keyname is the name of the entry in the view. |

Message Protocol – SFTP- and SCP-specific Fields

| Parameter | Entry |
|---|---|
| Base directory | Directory where the file should be created. |
| File name | Name of the file to be created at the remote server. |
| Transfer type | Modes are: overwrite if the file exists; append if the file exists; add a time-stamp to the file name to get a unique file name. |
| Filename spelling | Values are: Original (do not modify filename); To upper case; To lower case. |
| Use temporary file | (SFTP only) This mode transmits the data to a temporary file and then renames the file to its final name. |
| Deliver transmission report | If checked, a transmission report is generated for each transfer. |

3.3.2.1 Payload Handling

The payload type must be specified, depending on the settings in the module chain:

• The sending payload location has to be defined (MainDocument or Attachment).

• Over the Attachment alias, you can specify a specific attachment for transmission.

3.3.3 Sender Message Channel (Inbound Processing)

If the adapter is being used in a sender channel, it receives messages from the business partner and transmits them to the Integration Engine.

Two types of transport protocols are supported: SFTP and SFTP-Reports. For each transport protocol, one message protocol is supported: for the SFTP transport protocol, the message protocol SFTP is supported, and for the SFTP-Reports transport protocol, the message protocol Reports is supported.

For an actual data transmission, a POLL operation should be initiated by an internal scheduler, configured in the corresponding INBOUND (sender) channel. Please see below for instructions on channel configuration.

The SFTP Adapter must be configured as follows:

1. Define the channel as a Sender channel in the Parameters tab.

    • Select the Transport Protocol SFTP.

2. Ensure that in the Module tab Seeburger/solution/<solutionName> is present. The variable <solutionName> is the current name of the used solution.

| Module Name | Type | Module Key |
|---|---|---|
| localejbs/Seeburger/solution/<solutionName> | Local Enterprise Bean | solutionid |

3. Ensure that the “CallSapAdapter” module in the “Module” tab is listed last in the module sequence:

| Module Name | Type | Module Key |
|---|---|---|
| localejbs/CallSapAdapter | Local Enterprise Bean | Entry |

No module parameters are required:

Figure 3-1: Processing Sequence/Module Configuration

4. Set the connection parameters in the Parameters tab page.

Connection

| Parameter | Entry |
|---|---|
| Host name | SFTP server host name. |
| Port | SFTP server port number. |
| Known hosts store | Key Storage service view where the certificates of the remote hosts have been stored. The name must have the format: USERS\viewname\* . For example USERS\trusted_hosts\* would use the view trusted_hosts as store for the public keys of the hosts we connect to. |
| Resource ID | Resource ID value. See resource management section. |

Extended settings

| Parameter | Entry |
|---|---|
| Keep alive | The Keep-Alive mechanism is used to keep an SSH connection open within a configurable timeout (Default: 60 seconds). This feature is especially useful to reduce the number of SSH connection handshakes if a large number of files is transferred to the same destination host. Advantage: You do not have to establish a new SSH session after each transfer (establishing a new SSH session is a quite performance- and time-consuming operation). The timeout interval can be configured in the MCF. Unless you expect a large number of different destinations and little connection re-use, using this feature is strongly recommended. |
| Prefer RSA Key | Gives the possibility to select between RSA and DSA key if the server supports both of them. |
| Preferred Cipher | Sets the preferred encryption algorithm. |
| Preferred MAC | Sets the preferred MAC. |
| Preferred keyexchange | Sets the preferred key exchange algorithm. |
| Packet Length | Sets the maximum allowed packet length. |

Proxy

| Parameter | Entry |
|---|---|
| Proxy mode | Select whether a proxy should be used or not. |
| Proxy server | Proxy server name or IP address. |
| Proxy port | Proxy port number. |
| Proxy user | For proxy authorization (if required). |
| Proxy password | For proxy authorization (if required). |
| Protocol | Proxy protocol, HTTP or SOCKS. |
| Server version | Proxy protocol version. |

3.3.4 Message Splitting

The adapter has a built-in classifier and splitting facility. See the category called Splitter settings withinyour adapter’s sender channel. This feature allows to automatically detect the file type (EDIFACT,ANSI X12, Inhouse) and file encoding of the received file and to split the message using severalsplitting types.

The supported splitting types are:

SEEBURGER SFTP Adapter for SAP NW Process Integration - ConfigurationGuide

19

Parameter EntryAuthenticationUser User name used for authentication.

Authentication Method of authentication.

Password For password and keyboard interactive methods.

Private key For Key authentication method. The name of key must have theformat USERS\viewname\keyname where viewname is the nameof the view in the NWA key storage and keyname is the name ofthe entry in the view.

File settingsBase directory Directory where the file should be read from.

File name Name of the file to be reads. You can use the wildcard character *for multiple files selection.

Delete file If selected files will be deleted from the server after reading them.

SchedulerMon.,Tue.,Wed.,Thurs.,

Fri.,Sat.,Sun.

Enter lowercase ‘x’ characters to enable scheduling on this day ofthe week.

From Specify the start time in format hh:mm, starting from 00:00 (12:00a.m.).

To Specify the stop time in format hh:mm, starting from 00:00 (12:00a.m.), last applicable is 23:59.

Interval Interval (in minutes) for executing POLLs.

AlertsEnable alerts

If selected, the SFTP adapter will trigger alerts for failed polling.The alerts can be seen in the  Communication Channel Monitor.

See “Adapter ChannelMonitoring and Adapter Alerts” inMaster Configuration Guide fordetails.

File Type Splitting Type DescriptionEDIFACT UNB Splits messages by UNB

segments

Page 21: SAP SFTPAdapter En

To activate the internal splitting feature, mark the check box Use built-in splitting. Only if internalsplitting is enabled, detection of file type and encoding applies.

Since often the file type of the received file is unknown, the built-in classifier can be used to detect thefile type. Thus, splitting can be configured for the sender channel separately for each expected filetype. If the file type is identical for each message which is initiated over this channel, it can bespecified in order to force the same splitting mechanism for each message.

Enable the check box detect filetype to for automatic detection of the file type. Otherwise, the file typehas to be configured manually in the splitter parameter table.

Automatic encoding detection is a general problem. A reliable detection of all encodings (and thus acorrect representation within an application) would require that either the encoded file contains sometype of  “header”  which informs the interpreter on the applied encoding type, or the “text” of the inputfile is known, to check how some special characters are encoded. Both methods are not alwaysapplicable. Therefore the classifier can only guess the correct encoding of the input file.

If you know the input encoding, please specify it exactly in the parameters table or configure it for yourchannel in the encoding section for the payload handling if available, to avoid encoding problems. If noencoding detection is used and no specific encoding is configured, system’s default encoding is used.

Activate check box detect encoding to enable automatic detection of input file encoding.

Not only the file encoding of the received file is important, but also the encoding that is used to initiatethe split parts. If no automatic detection is used or no output encoding is explicitly configured in splitterparameter table, system’s default encoding will be used for split messages to forward to the sendercommunication channel.

File Type | Splitting Type | Description
ANSI X12 | ISA | Splits messages by ISA segments
EDIFACT, ANSI X12, Inhouse | BLOCK | Splits messages into blocks of (X Kb)

The parameters listed below are case-sensitive!

Key | Value | Description
filetype | Edifact, Inhouse, AnsiX12 | Fixed value for the filetype (overwrites detect filetype!). This parameter can only occur one time in the table. It configures that all messages which are initiated via this channel are treated as this configured filetype. This can cause problems if a different filetype is initiated via this channel.
<filetype>Split | <type of split> | Specifies the type of splitting for the given filetype. The special value ‘nosplit’ can be used to specify that this filetype must not be split. Example: Key: EdifactSplit, Value: UNB; Key: InhouseSplit, Value: BLOCK
OutputBlockSize | <size in KB> | The size of the output parts for block splitting
InputFileEncoding | Name of a valid Java 1.4.2 encoding | This encoding specifies how the Classifier and the Splitter should interpret the received file. If set to a wrong value, this can lead to problems with recognition of filetype or splitting mechanism. Do not set this parameter if you are not sure whether it is correct. This parameter overwrites the encoding that is detected by encoding detection!
OutputFileEncoding | Name of a valid Java 1.4.2 encoding | This encoding specifies how the splitter should forward the split message parts to the sender channel for further processing. This parameter overwrites the encoding which is detected by automatic detection!

3.3.4.1 Payload Handling on POLL

The payload type, which will be received on the channel, must be specified:

• XML files should be declared as “MainDocument”.

• Other files like EDIFACT or ANSI X.12 must be declared as “Attachment”. In this case, an attachment name must also be specified, i.e. the attachment can be referred to by modules that are processing the payload file.

You also need to specify a “Default Encoding” which will be used when storing received files on the hard disk and initiating the received file to the SAP XI Adapter Engine. If the default encoding is passed as a dynamic attribute, it will overwrite the static channel value.

3.3.4.2 Polling Retries

If scheduled pollings fail due to problems (like resource reservation etc.), they are automatically retried. This behavior ensures that a polling is executed successfully if, for example, polling is only triggered once a day but the partner is temporarily unavailable due to network problems.

Default settings are 10 retries within an interval of 30 seconds.

Those values can be configured for each polling channel. See the fields for number of polling retries and polling retry interval below the scheduler table of the polling channel.

Example: The retry interval is set to 30 minutes (1800 seconds), the scheduler table is configured to poll every 5 minutes and the partner is not available for 1 hour and 2 minutes. That is, instead of 13 pollings that are scheduled every 5 minutes (in total 1h 5 minutes), only 1 polling is scheduled and retried twice (in total 1h 30 minutes). Be aware of this fact and set appropriate values that fit your needs.

If there is still an active polling task being retried, new polling tasks which are triggered by the scheduler are skipped. This can decrease the number of required polling executions, but increases the total time until the next successful execution.

Channel monitoring shows whether a polling task has failed and is marked for a retry, gives information about the current retry count and retry interval, and shows whether polling is skipped on the applied cluster node because another cluster node is currently polling.

3.3.5 Sender Report Channel (Inbound Processing)

If a sender channel is created with the transport protocol SFTP-Reports and the message protocol Reports selected, it will be used by the SFTP adapter to provide transmission reports.

This channel must have the status “Exactly one” for two parties connected to the outbound processing (for transmission reports). Otherwise errors will occur.

The SFTP adapter must be configured as follows:

1. Define the channel as a Sender channel in the Parameters tab.

• Select the Transport Protocol SFTP-Reports.
• Select the Message Protocol Reports.

2. Ensure that the Seeburger/solution/<solutionName> module is present in the Module tab. The variable <solutionName> is the current name of the used solution.

Module Name | Type | Module Key
localejbs/Seeburger/solution/<solutionName> | Local Enterprise Bean | solutionid

3. Ensure that the CallSapAdapter module in the Module tab is listed last in the module sequence:

Module Name | Type | Module Key
localejbs/CallSapAdapter | Local Enterprise Bean | Entry

4. Set the parameters in the Parameters tab page.

SFTP Transport Protocol

Parameter | Entry
Alerts |
Enable alerts | If selected, the SFTP adapter will trigger alerts for failed reports. If selected, additional option will be shown. The alerts can be seen in the Communication Channel Monitor. See “Adapter Channel Monitoring and Adapter Alerts” in Master Configuration Guide for details.
Negative transmission triggers alert | If selected, the SFTP adapter triggers alerts for failed transmission reports.
Status |
Channel status | Enables/disables the report channel.

3.3.6 Dynamic Attributes

Dynamic attributes are part of the XI message. They provide options for dynamic configuration of the SFTP receiver channels (Outbound direction) using parameters that have been dynamically added or set by modules and mappings before the SFTP adapter. These attributes can be set e.g. using the Attribute Mapper.

Besides, the adapter dynamically adds specific parameters to the XI message in the Inbound case, which can be used by the modules and mappings after the adapter.

Please refer to Adapter-specific Attributes (Dynamic Attributes) in Seeburger Master Configuration Guide for details.

3.3.6.1 Outbound Direction

Supported dynamic attributes are:

• dtSubject. If it is set in the XI message and the SFTP receiver channel is configured to use all non-empty or subject attribute, it will be treated as a “Filename” value by the SFTP adapter.

• dtAttachmentName. If it is set in the XI message and the SFTP receiver channel is configured to use all non-empty or Attachment name attribute, it will be treated as an “Attachment ID” for the payload data. See the “Payload handling” paragraph.

• dtSFTPHost and dtSFTPPort: these attributes allow dynamic selection of the SFTP server.

• dtSFTPUser and dtSFTPPsw: these attributes allow dynamic selection of the user in the SFTP server. Note that it is not recommended to use the password dynamic attribute since it will be visible using the XI message monitoring tools. Instead of the password you can use the private key attribute for key authentication.

• dtSFTPPrivateKey: if key authentication has been selected.

• dtSFTPBaseDir: allows you to dynamically select the target directory.

Each attribute is expected to have one of the following namespaces:

• http://seeburger.com/xi/common for dtSubject and dtAttachmentName.
• http://seeburger.com/xi/SFTP for all attributes starting with dtSFTP.

The SFTP receiver channels can be configured to use all dynamic attributes specified in the XI message, or some of them, in the Dynamic attributes panel:

Dynamic attributes are used if the Use dynamic attributes setting is checked in the receiver channel. If the setting Use non-empty attributes is not selected, all known attributes are used for configuration if the attribute is present.

Dynamically set attributes override statically set channel attributes.

3.3.6.2 Inbound Direction

The following attributes are appended to the XI message:

Common attributes:

• dtSubject (remote file name)
• dtSender (sender party)
• dtReceiver (receiver party)
• dtExternalMsgId
• dtAttachmentName
• dtMsgType (MESSAGE or REPORT)
• dtCorrelationId

SFTP message specific attributes*:

• dtSFTPHost
• dtSFTPPort
• dtSFTPUser
• dtSFTPFileSize
• dtSFTPBaseDir

The common attributes are set using the following two namespaces:

• http://seeburger.com/xi/common
• http://seeburger.com/xi/SFTP

The SFTP specific attributes are set in the http://seeburger.com/xi/SFTP namespace only.

3.3.7 MessageIDStore

All messages that are sent or received using this SFTP Adapter are tracked in the Seeburger MessageIDStore. The Message Id Monitor is used to visualize the message information. Please use the following URL: http://<host>:50000/seeburger.

Each field in the SFTP adapter details form has a particular meaning as explained below:

Message Details

Business Process Message ID: This is the message Id of the outbound XI Message that initiated the SEND operation.

Status: This is the status of the message. For OUTBOUND messages it can have the following values:

• Currently in progress
• Error on send, will be retried
• Error on send, will not be retried
• Sent, no report expected

For INBOUND messages the values can be:

• Currently in progress
• Error on receive, task might be retried
• Error on receive, task will not be retried
• Received, no report requested
• Initiation to backend pending

Created: Point of time that this message mapping was created. A message mapping is created after SEND operation completion; this is also the time the message was sent to the host system.

Last Modified: Point of time of last modification to this message mapping. It can be used to verify the time when the last report concerning this message was received.

Direction: This is the message direction, OUTBOUND for uploaded messages and INBOUND for downloaded messages.

Status Description: This field contains a short text description of the mapping status.

File Details

Host: SSH or SFTP server name

Path: Location of the file in the remote server

Filename: File name as entered in the channel configuration

Remote file name: File name in remote server

Details of used master data

Address ID: This is the address Id string used in SFTP for receiving or sending.

Address Name: This field contains a short descriptive string with partner name used for this operation.

Connection ID: This is the connection Id string used in SFTP for receiving or sending.

Connection Name: This field contains a short descriptive string with channel name, used for this operation.

3.3.7.1 Proxy Mode

The SEEBURGER SFTP Adapter supports two kinds of proxy servers: SOCKS and HTTP proxies.

For SOCKS and HTTP proxy protocols support and configuration, please refer to the chapter “Proxy Configuration” in the document “Master Configuration Guide”.

4 Log Configuration

General

For detailed information about configuration of the logging system refer to the SAP documentation and the SEEBURGER Master Configuration Guide.

5 Appendix A: Sample Scenario

Please see the detailed step-by-step description of how to configure a complete SFTP communication scenario below. A loop-back is created for testing purposes, i.e. the sender and receiver are the same. This means that every file that is sent will be received during the next poll.

The objects involved in the Scenario are:

• Partner name: filePartner
• Service names:
  • SFTP: this service contains the SFTP communication channels.
  • fileService: this service contains the File adapter communication channels.
• Communication channels:
  • sftpFileIn: this channel is used to read a file from a local directory using the File adapter.
  • sftpout: this channel is used to send files to the SFTP server.
  • sftpoll: this channel is used to poll and read files from the SFTP server.
  • fileOut: this channel is used to write received files to a local directory using the File Adapter.

The message flow in the sample scenario will be:

1. Sending file to partner.
   From: Partner: filePartner, Service: fileService, Channel: sftpFileIn (File adapter)
   To: Partner: filePartner, Service: SFTP, Channel: sftpout (SFTP Adapter)

2. Receiving the file from partner.
   From: Partner: filePartner, Service: SFTP, Channel: sftpPoll (SFTP adapter)
   To: Partner: filePartner, Service: fileService, Channel: fileOut (File Adapter)

Outbound Processing

Using the File adapter a file will be read from a local directory and sent to the SFTP server using the SFTP Adapter.

1. Create the Parties and Services as shown in the screenshot.

2. Create a Sender Channel for the file adapter to trigger the data transfer (sftpFileIn). Note: You must replace the Source Directory field value with the correct directory name in your system.

3. Create a Receiver Channel for the SFTP adapter (sftpout channel). You must replace the values of myserver, myuser and password. Note: Also we entered the value USERS\SFTPPartners\* in the known hosts store field. We will create this key store later on.

4. Ensure the solution module and the ModuleProcessorExitBean module with its parameter exist in the module sequence on the SFTP channel.

5. Now open SAP NetWeaver Administrator, go to "Key storage" and create the new view “SFTPPartners” in the key storage service.

6. Create a Sender Agreement.

7. Create a Receiver Agreement.

8. Now run the test by placing a file named sftp.txt in the Source Directory you defined in the sender channel. You will see the following error in the message monitoring tool: “The host key was not accepted”. This is normal since the “SFTPPartners” key storage view we created is still empty.

Message audit log detail:

9. Open the SSH_hosts view in the SAP NetWeaver Administrator, key storage service. This view is used to store the server certificates, which are still not verified!!! You will see the adapter has created a key for the server. This only happens the first time you try to connect to a new server. In our example we used a server called 192.168.10.2 (here it is possible to find the server name too) and that is also the name of the certificate the adapter created for us. The fingerprint of the SSH host is written in the OU element of the distinguished name (DN) and this string must be used to compare to the real SSH host fingerprint. The real fingerprint must be requested from the SSH host admin. Do not use the “fingerprint” field of this certificate. The value of this field does not correspond to the real SSH host key fingerprint.

10. Now move or copy the 192_168_10_2 certificate from the SSH_hosts view to the SFTPPartners view. First go to the SFTPPartners view, select Import From View, then in the dialog that shows up, select SSH_hosts as From View and 192_168_10_2 as From Entry. To View is automatically filled with the SFTPPartners value and To Entry takes the value 192_168_10_2. Click the Import button. After this the certificate is imported in the SFTPPartners view.

Export:

And load:

11. Run the test again by placing a file named sftp.txt in the Source Directory you defined in the sender channel. This time the transmission should succeed.

Audit log detail:
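The comparison required in step 9, as an added example that is not part of the original guide or of SEEBURGER code: it extracts the OU element from the certificate DN and checks it against fingerprints computed from the host public key supplied by the SSH host admin. The DN layout, the sample key and the assumption that the OU holds either an MD5 hex or a SHA256 base64 fingerprint are constructed for illustration; the guide does not state the format.

```python
import base64
import hashlib
import re
import struct

def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH wire format."""
    return struct.pack(">I", len(data)) + data

def make_sample_pubkey_line() -> str:
    """Constructed stand-in for the key line sent by the SSH host admin (not a real key)."""
    blob = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
            + _ssh_string(b"\x00" + bytes(range(128, 256))))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-example"

def parse_pubkey_blob(line: str) -> bytes:
    """Decode an OpenSSH '<type> <base64> [comment]' line and sanity-check it."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<key type> <base64 blob> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != parts[0].encode():
        raise ValueError("declared key type does not match the blob")
    return blob

def fingerprints(blob: bytes) -> dict:
    """Both common renderings of an SSH host key fingerprint."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}

def ou_from_dn(dn: str) -> str:
    """Pull the OU element out of a DN string copied from the SSH_hosts view."""
    m = re.search(r"(?:^|,)\s*OU=([^,]+)", dn, re.IGNORECASE)
    if not m:
        raise ValueError("DN has no OU element")
    return m.group(1).strip()

def _canon(fp: str) -> str:
    """Normalize prefix, case and separators so equal fingerprints compare equal."""
    fp = fp.strip()
    if fp.upper().startswith("SHA256:"):
        return "sha256:" + fp[7:].rstrip("=")
    if fp.upper().startswith("MD5:"):
        fp = fp[4:]
    return "md5:" + re.sub(r"[^0-9a-fA-F]", "", fp).lower()

def host_key_verified(dn: str, admin_pubkey_line: str) -> bool:
    """True only if the OU value equals a fingerprint of the admin-supplied key.
    Assumption: the OU carries an MD5 hex or SHA256 base64 fingerprint."""
    presented = _canon(ou_from_dn(dn))
    expected = fingerprints(parse_pubkey_blob(admin_pubkey_line))
    return presented in {_canon(expected["md5"]), _canon(expected["sha256"])}
```

Only copy the entry from SSH_hosts to SFTPPartners (step 10) when host_key_verified returns True for the DN shown in the view and the key obtained from the admin over a separate channel.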

Inbound Processing

A time-scheduled POLL operation is configured in the SFTP adapter running in the XI Adapter Engine. For each received (downloaded) file an XI Message is created carrying the received file. The XI Message is forwarded to the Integration Engine for mapping and routing. The Integration Engine forwards the XI Message to the file adapter, which writes the file to a target directory in the file system.

1. Create a Sender Channel for the SFTP adapter. Note that you must change the values of host name, user and password.

2. Ensure the solution module and the CallSapAdapter module exist in the module sequence on the FTP channel.

3. Create a Receiver Channel for the file adapter to store the received file in a local folder.

4. Create a Sender Agreement.

5. Create a Receiver Agreement.

6. After the adapter starts polling, you will see the messages coming in, in the communication channel (and in the message monitor).

Communication channel monitor:

7. Messages are also shown in the SEEBURGER Workbench Message Monitor.

6 Appendix B: Supported Servers

The following server types have been successfully tested (OpenSSH servers running on Linux should normally be no problem regardless of their exact version):

• SSH-1.99-OpenSSH_3.6.1p2
• SSH-1.99-OpenSSH_3.8.1p1 Debian-8.sarge.4
• SSH-2.0-OpenSSH_3.8.1p1 Windows
• SSH-2.0-OpenSSH_3.8.1p1 on IBM z/OS
• SSH-1.99-OpenSSH_3.9p1
• SSH-1.99-OpenSSH_4.1
• SSH-2.0-OpenSSH_4.7
• SouthRiverTechnologies TitanFTP 5.3
• SSH.com Tectia Server 5.1.0
• Axway XFB.Gateway
• SSH-2.0-Sun_SSH_1.1 on Solaris10