CA-XML Bc40 Config Guide

of 22/22
8/3/2019 CA-XML Bc40 Config Guide http://slidepdf.com/reader/full/ca-xml-bc40-config-guide 1/22 6$3 $*é 1HXURWWVWUé ':DOOGRUI ;0/&RPPXQLFDWLRQ 6$3%XVLQHVV&RQQHFWRU &RQILJXUDWLRQ*XLGH +RZWRHQDEOHWKHVWDQGDUG6$3 FRPPXQLFDWLRQWHFKQLTXHVIRUWKHLQWHUQHW 6$3%XVLQHVV&RQQHFWRU 5HOHDVH  
  • date post

    07-Apr-2018
  • Category

    Documents

  • view

    216
  • download

    0

Embed Size (px)

Transcript of CA-XML Bc40 Config Guide

  • 8/3/2019 CA-XML Bc40 Config Guide

    1/22

    6$3

    $* 1HXURWWVWU ':DOOGRUI

    ;0/&RPPXQLFDWLRQ6$3%XVLQHVV&RQQHFWRU

    &RQILJXUDWLRQ*XLGH

    +RZWRHQDEOHWKHVWDQGDUG6$3

    FRPPXQLFDWLRQWHFKQLTXHVIRUWKHLQWHUQHW

    6 $ 3 % X V L Q H V V & R Q Q H F W R U 5 H O H D V H

  • 8/3/2019 CA-XML Bc40 Config Guide

    2/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    LL

    &RS\ULJKW

    Copyright 2001 SAP AG. All rights reserved.

    No part of this documentation may be reproduced or transmitted in any form or for any

    purpose without the express permission of SAP AG.

    SAP AG further does not warrant the accuracy or completeness of the information, text,

    graphics, links or other items contained within these materials. SAP AG shall not be

    liable for any special, indirect, incidental, or consequential damages, including without

    limitation, lost revenues or lost profits, which may result from the use of these materials.

    The information in this documentation is subject to change without notice and does not

    represent a commitment on the part of SAP AG in the future.

    Some software products marketed by SAP AG and its distributors contain proprietary

    software components of other software vendors.

    Microsoft, WINDOWS, NT, EXCEL and SQL-Server are registered trademarks

    of Microsoft Corporation.

    IBM, OS/2, DB2/6000, AIX, OS/400, AS/400 are a registered trademark of

    IBM Corporation.

    OSF/Motif is a registered trademark of Open Software Foundation.

    ORACLE is a registered trademark of ORACLE Corporation, California, USA.

    INFORMIX-OnLine for SAP is a registered trademark of Informix Software

    Incorporated.

    UNIX and X/Open are registered trademarks of SCO Santa Cruz Operation.

    ADABAS is a registered trademark of Software AG

    SAP, R/2, R/3, RIVA, ABAP/4, SAPoffice, SAPmail, SAPaccess, SAP-

    EDI, SAP ArchiveLink, SAP EarlyWatch, SAP Business Workflow, R/3 Retailare registered trademarks of SAP AG

    All rights reserved.

  • 8/3/2019 CA-XML Bc40 Config Guide

    3/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    LLL

    &RQWHQWV

    ,1752'8&7,21

    1(&(66$5

  • 8/3/2019 CA-XML Bc40 Config Guide

    4/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    ,QWURGXFWLRQ

    3XUSRVHRIWKLVGRFXPHQW

    This document describes how the standard SAP communication techniques (i.e. Idocs,

    BAPIs and RFCs) can be easily enabled for the internet using XML and the SAPBusiness Connector release 4.0. It describes how the partners can customize their test-

    copy of the SAP Business Connector 4.0. To get this tool you must be SAP customer or

    have a valid Developer Package or have a valid Test- and Demo-License.

    The Business Connector consists of the Business Connector Server and the Business

    Connector Integrator. The Integrator can be used to add new functionality into the Server.

    This document is about the Business Connector Server only. The Integrator is not used

    within the certification process. Whenever you read Business Connector, we mean the

    Business Connector Server.

    This is not a complete documentation about the Business Connector or Internet

    technologies. To find out more about these topics, please consider the related documents.

    5HOHDVH1RWHV

    The Business Connector 4.0 behaves exactly like the Business Connector 3.5, regarding

    the XML certification. Only the customizing is a bit different.

    5HODWHG'RFXPHQWV

    SAP Business Connector Documentation (e.g. http://service.sap.com/connectorsBusiness Connector 'RFXPHQWDWLRQRU

    /doc/ and /packages/sap/doc/ )

    SAP Internet Adviser (for customers/partners: http://service.sap.com/internetadviser) SAP RFC software development kit helpfiles

    (e.g. \gui\windows\win32\sapgui\rfcsdk\help on the presentation CD)

    SAP Interface Repository (http://ifr.sap.com) to learn more about SAPs XMLSchemas

    Internet Request for Comments (e.g. no. 2616 and no. 2617) (http://www.cis.ohio-state.edu/hypertext/information/rfc.html )

    A lot of information about XML and HTTPS (SSL) can be found in the internet

    &HUWLILFDWLRQ5HTXLUHPHQWVA software product must at least meet the following requirements in order to become

    certified as an XML enabled product. More details about the requirements can be found

    in the test plan belonging to the integration scenario.

    Internet communication using the protocols HTTP and HTTPS with the SAPBusiness Connector

    Adding necessary customizing into the SAP Business Connector Sending and receiving the communication objects (i.e. Idocs, BAPIs or RFCs) that

    are needed in the chosen integration scenario in XML format.

  • 8/3/2019 CA-XML Bc40 Config Guide

    5/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    3UHSDUDWLRQV

    The certification takes place in one of the SAP certification centers around the world. The

    partner will bring its own computer(s) with the software products to be certified. The

    software product may be already preinstalled; the installation of the partners software is

    not part of the certification.

    Partners machine will be connected to an Ethernet LAN so it can access the SAP systems

    used for certification. For the communication with the SAP systems an internal Business

    Connector Server is used that is configured in the same way as described in this

    document.

    1HFHVVDU\FXVWRPL]LQJLQWKH%XVLQHVV&RQQHFWRU

    Start the Business Connector by calling /bin/server.bat . If you want to

    have a debug output, enter server.bat debug log

    . The highest debuglevel is 10. With -log none the debug output is

    written into the command window.

    To enter the administration screen of the Business Connector, simply enter the address of

    the Business Connector into a web browser (default: http://localhost:5555 ) . Your default

    account is user Administrator and password manage.

    1RWH The HTTP protocol is mentioned throughout this document to communicate withthe SAP Business Connector, but after making SSL customizing the HTTPS protocol can

    be used, too.

    $GGLQJQHZXVHUV

    If you want to send data from an SAP system to the BC, you need the same user in both

    systems. To create a user in the BC, first press Security 8VHUVDQG*URXSVWKHQAdd and Remove Users. Enter your SAP user (all uppercase!!) and a password, then

    press Create Users.

    Now mark your just created user in the Groups box section (the one with Remaining

    Users as header line) and make sure that the Select group is Administrators. Then

    add the user into the Administrators group by pressing the EXWWRQEHORZWKHYHU\

    right selection box. To finish that step press Save Changes.

    6HFXULQJWKHVHUYLFHV

    In that Business Connector release all the services are secured by default. Only known

    users can access the services. So you can use the user Administrator or the user created

    in 2.1 to access the Business Connector from your client program. You have to send

    user/password BASE64 encoded to the Business Connector.

  • 8/3/2019 CA-XML Bc40 Config Guide

    6/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    $GGLQJ6$3V\VWHPV

    You need to specify every SAP system that should be used within the Business

    Connector. Press Adapters 6$3WRRSHQDQHZZLQGRZLQWKDWZLQGRZSUHVV6$3

    6$36HUYHUVWKHQ$GG6$3VHUYHU(QWHUDQDPHIRUWKHGHVWLQDWLRQDQGWKHnecessary logon information, then press Save. After that you can test the connection

    (Test connection).

    In the following screenshot an SAP system with name 6$36

  • 8/3/2019 CA-XML Bc40 Config Guide

    7/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    If you want to use the other direction as well (SAP is client), you need to install one or

    more listeners for this SAP system. To do this, press the SAP 6$36HUYHUVDQGFOLFNinto the Listeners-column for the desired SAP system. Then you can add a new listener

    (e.g. Program ID: 0

  • 8/3/2019 CA-XML Bc40 Config Guide

    8/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    $FFHVVLQJ%XVLQHVV&RQQHFWRUIXQFWLRQDOLW\

    To access functionality in the Business Connector, so called VHUYLFHV are called via HTTP.This is done by posting a document containing the parameters to the service. In our case,

    we always post documents containing the XML format of the Idoc or BAPI/RFC-call to a

    service of the Business Connector that converts the document and calls the SAP system.

    The following statements must be used to post a document to the /sap/InboundIdoc

    service of the Business Connector. The keyword invoke must not be omitted. The

    empty line that follows the header is also very important!

    POST /invoke/sap/InboundIdoc HTTP/1.0

    ...

    Which services of the Business Connector should be used for the different SAP

    communication objects are explained in the next chapters.

  • 8/3/2019 CA-XML Bc40 Config Guide

    9/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    ,GRFFRPPXQLFDWLRQ

    ,GRF2XWERXQGSURFHVVLQJ6$3LVFOLHQW

    In the ALE customizing (transaction SALE) you specify the sender and the receiver for

    an Idoc (e.g. sender SAP and receiver EXTERNAL, Idoc message type MATMAS). Then

    you can send this Idoc to the Business Connector using an appropriate RFC destination.

    &UHDWLQJWKH5RXWLQJ5XOH

    You need to add the following Routing Rule, to convert the Idoc into XML and send it

    from the Business Connector with HTTP to an external webserver:

  • 8/3/2019 CA-XML Bc40 Config Guide

    10/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    5HFHLYLQJWKH,GRF

    Your external webserver will receive an HTTP request containing a header with HTTP

    parameters and an XML document containing the Idoc in XML format. You can see that

    the routing information in the control record of the Idoc matches with the Routing Rule in

    the Business Connector.

    Content-type: application/x-sap.idoc

    Content-length: [length of XML doc]+773+HDGHUX-tid: [TID]

    (;7(51$/

    6$30$70$6

    ...;0/'RFXPHQW

    ...

    You need to answer the HTTP request that was initiated by the Business Connector with a

    positive HTTP status (e.g. HTTP status 200).

    7,'KDQGOLQJ

    You can extract the TID from the HTTP header (parameter X-tid). If an error during

    transmission occurred, SAP will resend the Idoc using the same TID. So you need to store

    the TIDs in a database and check every TID that you receive from SAP:

    1)7,'UHFHLYHGIRUWKHILUVWWLPH : This transmission was never done before. The Idocmust be stored and processed. The TID must also be stored into a database.

    2) 7,'DOUHDG\UHFHLYHG: This Idoc was transferred before, but an error occurred. So DONOT store or process this Idoc again.

    The Business Connector does not confirm successful transactions. So your product must

    delete old TIDs after a significant time.

  • 8/3/2019 CA-XML Bc40 Config Guide

    11/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    ,GRF,QERXQGSURFHVVLQJ6$3LVVHUYHU

    &UHDWLQJWKH5RXWLQJ5XOH

    Before you can send Idocs to SAP, you need to create a Routing Rule in the Business

    Connector that matches the routing information in the Idoc control record:

    *HWWLQJD7,'

    The Business Connector can ask a SAP system to create a worldwide unique TID. We

    will use this service in the certification test. In the production environment such an

    additional HTTP request might cost too much time. If it is the case, you can calculate and

    use your own pseudo TID.

    To get a TID from the Business Connector, use the /sap/createTID service and

    specify the SAP system, which should calculate the TID (e.g. 6$36

  • 8/3/2019 CA-XML Bc40 Config Guide

    12/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    6HQGLQJWKH,GRF

    Now you can post the Idoc in XML format to the Business Connector service /wm.

    PartnerMgr.gateway.transport.ALE/InboundProcess. Use the HTTP

    parameter X-tid to send the TID to the SAP system. Again, the routing information in

    the Idoc control record has to match with a Routing Rule in the Business Connector.

    POST /invoke/wm.PartnerMgr.gateway.transport.ALE/InboundProcess

    Content-type: application/x-sap.idoc

    Content-length: [length of doc] +773+HDGHU

    Authorization: Basic [user/passwd BASE64 encoded]

    X-tid: [TID to use]

    6$3(;7(51$/0$70$6

    ...;0/'RFXPHQW

    ...

    3URFHVVLQJWKHDQVZHURIWKH%XVLQHVV&RQQHFWRU

    If the call succeeds, the Business Connector answers with an OK-status. Then you can

    confirm the TID. If the call fails (e.g. timeout), you must resend the Idoc with the same

    TID, so that the SAP system can detect a retransmission.

    &RQILUPLQJWKH7,'

    You should confirm the TID to delete it from the SAP tables. You must use the same

    SAP system for the confirmation that was used to create the TID:

    POST /invoke/sap/confirmTID HTTP/1.0

    Content-length: [length of doc]

    Authorization: Basic [user/passwd BASE64 encoded]

    serverName=6$36

  • 8/3/2019 CA-XML Bc40 Config Guide

    13/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    %$3,FRPPXQLFDWLRQ

    %$3,2XWERXQGSURFHVVLQJ6$3LVFOLHQW

    BAPI calls are sent to the Business Connector using an appropriate RFC destination.

    &UHDWLQJWKH5RXWLQJ5XOH

    The routing information of a BAPI call consists of the SAP systemID (e.g. 6$36

  • 8/3/2019 CA-XML Bc40 Config Guide

    14/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    Content-type: application/x-sap.busdoc

    Content-length: [length of doc] +773+HDGHU

    urn:sap-com:logical-system:(;7B'(67

    urn:sap-com:logical-system:6$36

  • 8/3/2019 CA-XML Bc40 Config Guide

    15/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    %$3,,QERXQGSURFHVVLQJ6$3LVVHUYHU

    &UHDWLQJWKH5RXWLQJ5XOH

    Before you can call BAPIs in the SAP system, you need to create a Routing Rule in the

    Business Connector that matches the routing information in the BAPI XML document.

    1RWH The Message Type must now match with the BAPI and not with the functionmodule.

    6HQGLQJWKH%$3,FDOO

    Now you can post the BAPI call in XML format to the Business Connector service /wm.

    PartnerMgr.gateway.transport.BAPI/InboundProcess. Again, the

    routing information in the XML document has to match with the Routing Rule created inthe Business Connector.

  • 8/3/2019 CA-XML Bc40 Config Guide

    16/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    POST /invoke/wm.PartnerMgr.gateway.transport.BAPI/InboundProcess

    Content-type: application/x-sap.busdoc

    Content-length: [length of doc] +773+HDGHU

    Authorization: Basic [user/passwd BASE64 encoded]

    urn:sap-com:logical-system:6$3

    urn:sap-com:logical-system:(;7(51$/

    0001

    2

    5HFHLYLQJWKH%$3,UHVSRQVHRIWKH%XVLQHVV&RQQHFWRU

    If the call succeeds, the Business Connector answers with the result of the BAPI call:

    D2443

    D2444

  • 8/3/2019 CA-XML Bc40 Config Guide

    17/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    5)&FRPPXQLFDWLRQ

    5)&2XWERXQGSURFHVVLQJ6$3LVFOLHQW

    RFC calls are sent to the Business Connector using an appropriate RFC destination.

    &UHDWLQJWKH5RXWLQJ5XOH

    The routing information of a RFC call consists of the SAP systemID (e.g. 6$36

  • 8/3/2019 CA-XML Bc40 Config Guide

    18/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    Content-type: application/x-sap.busdoc

    Content-length: [length of doc] +773+HDGHU

    urn:sap-com:logical-system:(;7B'(67

    urn:sap-com:logical-system:6$36

  • 8/3/2019 CA-XML Bc40 Config Guide

    19/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    5)&,QERXQGSURFHVVLQJ6$3LVVHUYHU

    &UHDWLQJWKH5RXWLQJ5XOH

    Before you can call RFCs in the SAP system, you need to create a Routing Rule in the

    Business Connector that matches the routing information in the RFC XML document.

    6HQGLQJWKH5)&FDOO

    Now you can post the RFC call in XML format to the Business Connector service /wm.

    PartnerMgr.gateway.transport.RFC/InboundProcess. Again, the

    routing information in the XML document has to match with the Routing Rule created in

    the Business Connector.

  • 8/3/2019 CA-XML Bc40 Config Guide

    20/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    POST /invoke/wm.PartnerMgr.gateway.transport.RFC/InboundProcess

    Content-type: application/x-sap.busdoc

    Content-length: [length of doc] +773+HDGHU

    Authorization: Basic [user/passwd BASE64 encoded]

    urn:sap-com:logical-system:6$3

    urn:sap-com:logical-system:(;7(51$/

    COLOR

    5HFHLYLQJWKH5)&UHVSRQVHRIWKH%XVLQHVV&RQQHFWRU

    If the call succeeds, the Business Connector answers with the result of the RFC call:

    Q45

    1

    COLOR

    1

    Red

    000

  • 8/3/2019 CA-XML Bc40 Config Guide

    21/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    &RQILJXULQJWKH%XVLQHVV&RQQHFWRUIRU66/+7736

    Before you can configure the BC for SSL, you need X.509 certificates. We can provide

    you with a certificate-test-package that can be used for testing and certification. These

    certificates issued by ICC Walldorf can not be used in a production environment! The

    following chapters describe the configuration using our certificate-test-package.

    ,QVWDOOLQJWKHFHUWLILFDWHVLQWRWKH%XVLQHVV&RQQHFWRU

    Copy the certificates from the certificate-test-package into the following directories:

    cacert.der \sapbc40\server\config\cacert.der

    cacert.der \sapbc40\server\config\cacert\cacert.der

    servercert.der \sapbc40\server\config\cert.der

    serverkey.der \sapbc40\server\config\privkey.der

    In the production environments the Common Name in the servercert must match with the

    computer name, on which the BC is running. We used localhost for this Common

    Name. If you need to use a different computer name, and if the servercert does not work,

    please tell us this computer name and we will send you a new server certificate.

    &UHDWLQJDQ+7736OLVWHQHULQWKH%XVLQHVV&RQQHFWRU

    Press Security 3RUWVRQWKHOHIWDQGWKHQ$GG3RUW &KRRVH7\SHwebMethods/https and press Go to Step 2. Enter a port number (e.g. 4444) and set

    Client Authentication = Request client certificates. Press Save Changes.

    Now click on Edit in the Access mode-column and choose Set Access Mode to

    Allow by Default on the next screen. Confirm the popup window with ok and Return to

    Port List. Here enable the new HTTPS listener by pressing the No in the Enabled?

    column. If all the certificates were copied to the correct locations, the listener should start.

    Whenever you establish an HTTPS-connection (e.g. https://localhost:4444), the BC

    requests your client certificate. If the client does not present one, the BC asks for

    username and password. If you choose Client Authentication = Require client

    certificates, the client PXVWlog on with a valid certificate.

    ,PSRUWLQJWKHFOLHQWFHUWLILFDWHLQWRWKH%XVLQHVV&RQQHFWRU

    Press Security &HUWLILFDWHVWKHQ(GLW&HUWLILFDWHV6HWWLQJVWRVSHFLI\WKHGLUHFWRU\with the CA certificates. Enter config/cacert/ into the CA Certificate Directory-field.

    To use your client certificate you must import it into the Business Connector and map it

    to a BC-user (e.g. with the user created in 2.1). Click on Client Certificates, enter the

    path of the clientcert.der from the certificate-test-package and press Import Certificate

    to add a new certificate with Common Name = BC_User.

    Now click on BC_User in the Subject CN column and then choose Change User

    Mapping. Map the certificate to the user created in 2.1 and Save Changes. Now youcan use your client certificate to enter the BC administrator screen and to access

    functionality from your client.

  • 8/3/2019 CA-XML Bc40 Config Guide

    22/22

    6$3$* ;0/FRPPXQLFDWLRQ%XVLQHVV&RQQHFWRU&RQILJXUDWLRQ*XLGH

    ,QVWDOOLQJFHUWLILFDWHVLQWR\RXU:HE%URZVHU

    If you want to use HTTPS for administration, you must install the clientcert and the

    cacert into your web browser. If you use IE5, simply doubleclick the clientcert.p12 andthe cacert.der to install them (btw: with NT4 the SP6 is needed).

    $GGLWLRQDOKLQWV

    1) Its not necessary, to include empty fields in the XML document that is sent to theBusiness Connector. The following two XML documents are equivalent:

    info1

    info2

    info3

    info4

    info1

    info2

    info3

    info4

    2) The occurence of the Idoc segments etc. is contained in the minOccurs andmaxOccurs elements of the XML schema. If such an element misses, then its default

    value is 1.

    Example:

    the segment is optional, it can occur 9999 times.

    the segment is mandatory and can occur exactly 1 times.