Business scenario / Requirements
It is required to transfer / upload / put a file (could be any file type e.g. binary, xml, txt, etc.) from SAP backend to Azure Storage (AzureBLOB container)
In order to make the example simple let’s assume
- there is no need to map any data inside of the file / message (a pass through scenario / IFlow with FILE sender communication channel (CC) and REST receiver CC)
- no message content manipulation / mapping will take place – therefore no ESR objects will be created
- it is needed to keep the same file name
Azure Storage Authentication
Each client who makes requests against Azure Storage must be authorized. There are a few ways to authorize access including:
- Shared Key (storage account key)
- Shared Access Signature (SAS)
SAS access might be used to restricts clients (who are not trustworthy) from revealing / using storage account key and yet delegate access to specific storage resources. Not only that, this approach is easier to implement in SAP PO with use of standard REST adapter.
SAS is used to delegate access to a specific blob in the storage account for a specific time (e.g. till the end of next year) with a specified permissions (e.g. write only). SAS is nothing more than URI with specific query parameters including SAS token. SAS URI is all that it is needed to make SAP PI/PO to make a request against Azure BLOB Storage.
Read more about “Authorize requests to Azure Storage” – Link
Read more about “Delegate access with a shared access signature” – Link
Prerequisites
Azure admin has provided shared access signature URIs that looks following:
https://<account>.blob.core.windows.net/<path_to_custom_container>? sp=<signedPermissions>& st=<signedStart>& se=<signedExpiry>& spr=<signedProtocol>& sv=<signedVersion>& sr=<signedResource>& sig=<signature>
| SAS query parameter | SAS Name | Description | E.g. |
| sp | signedPermissions | Indicates which operations a client who possesses the SAS may perform on the resource. Permissions may be combined. | w – write |
| st | signedStart | The time at which the shared access signature becomes valid | 2021-01-21T11:12:13Z |
| se | signedExpiry | The time at which the shared access signature becomes invalid | 2031-01-21T11:12:13Z |
| spr | signedProtocol | Specifies the protocol permitted for a request made with the SAS | https,http |
| sv | signedVersion | Indicates the version of the service used to construct the signature field, and also specifies the service version that handles a request made with this shared access signature. | 2020-02-10 |
| sr | signedResource | Specifies which blob resources are accessible via the shared access signature. | c – container |
| sig | signature | The signature is an HMAC computed over the string-to-sign and key using the SHA256 algorithm, and then encoded using Base64 encoding. | kws%3D… |
Read more about query string parameters: “Create a user delegation SAS” – Link
IFlow
Sender FILE CC configuration
![General Adapter-Specific Modules Identfiers
Source Processing Advanced
Adapter-Specfic Message Properties
Z] Set Adapter-Specfic Message Properties
Z] File Name
Directory
File Type
Source File Size
DSource File Timestamp
Adapter Status
Status:
Advanced Mode](https://i0.wp.com/code10it.com/wp-content/uploads/2021/10/image-1.png?resize=838%2C471&ssl=1)
Receiver REST CC
Read more about HTTP parameters “Put Blob” – Link
NB! In order to avoid special characters contained in signature to be escaped set parameter EncodeURL = false
Message Monitoring
Time to upgrade: SAP PI 7.5 Vs CPI Comparison between SAP PI 7.5 and CPI At the end of 2020, Read more
PEPPOL (Pan-European Public Procurement On-Line) is a standard defined by the EU. PEPPOL is based on open standards, such as Read more
This is the first blog of a series to check what SAP can offer to migrate SAP PI/PO interfaces to Read more
EDI EDI, which stands for Electronic Data Interchange, is the standardised business-to-business (B2B) communication of documents in an electronical format. Read more
No responses yet