by Jakub Turminski
on October 11, 2021

SAP Azure SAS Integration: AzureBLOB Authentication

Business scenario / Requirements

For the SAP Azure SAS Integration, you must actively transfer, upload, or place various file types, including binary, XML, TXT, etc., from the SAP backend directly into an Azure Storage AzureBLOB container.

In order to make the example simple let’s assume

  • You don’t need to map any data inside the file or message. This is a pass-through scenario or IFlow with a FILE sender communication channel (CC) and a REST receiver CC
  • no message content manipulation / mapping will take place – therefore no ESR objects will be created
  • it is needed to keep the same file name

Azure Storage Authentication

Each client making requests to Azure Storage needs authorization. To authorize access, you have several options, including:

  • Shared Key (storage account key)
  • Shared Access Signature (SAS)

With the SAP Azure SAS Integration, you can use SAS access to prevent untrustworthy clients from revealing or using the storage account key, while still delegating access to specific storage resources. Additionally, this approach becomes more straightforward to implement in SAP PO using the standard REST adapter.

In the SAP Azure SAS Integration process, SAS provides access to a specific blob in the storage account for a set period, such as until the end of next year, with defined permissions like write-only. It is essentially a URI containing specific query parameters, including the SAS token. For SAP PI/PO to request Azure BLOB Storage, only this SAS URI is necessary.

Read more about “Authorize requests to Azure Storage” – Link

Read more about “Delegate access with a shared access signature” – Link

Prerequisites

Azure admin has provided shared access signature URIs that looks following:

https://<account>.blob.core.windows.net/<path_to_custom_container>?
sp=<signedPermissions>&
st=<signedStart>&
se=<signedExpiry>&
spr=<signedProtocol>&
sv=<signedVersion>&
sr=<signedResource>&
sig=<signature>
SAS query parameterSAS NameDescriptionE.g.
spsignedPermissionsThis parameter specifies the operations that a client with the SAS can perform on the resource, and it allows for the combination of permissions.w – write
stsignedStartThe time at which the shared access signature becomes valid2021-01-21T11:12:13Z
sesignedExpiryThe time at which the shared access signature becomes invalid2031-01-21T11:12:13Z
sprsignedProtocolSpecifies the protocol permitted for a request made with the SAShttps,http
svsignedVersionThis parameter indicates the service version used to construct the signature field and also specifies which service version will handle a request made with this shared access signature.2020-02-10
srsignedResourceSpecifies which blob resources are accessible via the shared access signature.c – container
sigsignatureYou compute the signature as an HMAC by applying the SHA256 algorithm to the string-to-sign and key, and then encode it using Base64 encoding.kws%3D…
User Delegation SAS parameters

Explore further details about query string parameters in the section “Create a User Delegation SAS”. – Link

IFlow

Image illustrating SAP Azure SAS Integration. CC FILE CC REST
Pass through IFlow

Sender FILE CC configuration

Image illustrating SAP Azure SAS Integration. General Adapter-Specific Modules Source Processing Advanced File Access Parameters Source Directory: * File Name* Identfiers /mnt/SID/foIded Advanced Source File Selection Additional File(s)
Actively retrieve all the CSV files from a designated folder.
Image illustrating SAP Azure SAS Integration. General Adapter-Specific Modules Identfiers Source Processing Advanced Adapter-Specfic Message Properties Z] Set Adapter-Specfic Message Properties Z] File Name Directory File Type Source File Size DSource File Timestamp Adapter Status Status: Advanced Mode
Use Adapter Specific Message Attribute (ASMA)
Image illustrating SAP Azure SAS Integration. General Adapter-Specfic Processing Sequence Number Module Configuration Module Key Modules Identfiers Module Name AF_ModuIes/DynamicConfiguration8ean AF_ModuIes/DynamicConfiguration8ean Cal[SapAdapter Type Local Enterprise Bean Local Enterprise Bean Local Enterprise Bean Module Key DynWriteToParam DynReadFromParam Parameter Value read http://sap.com/xi/XI/System/REST File module.filename write http://sap.com/xi/XI/System/FiIe File module.filename Remove Move Up DynReadFromParam DynReadFromParam DynWriteToParam Parameter Name key. I value.l key. I value. I
Keep the file name to use it in receiver REST CC

Receiver REST CC

General Adapter-Specific Modules Identfiers General REST URL REST Operation Data Format Operation Rules Response Determination HITP Headers Error Handling Warning: Parameterizing HTTP Host or Port is a security risk (see SAP Note: 2174651) URL Pattern: * https://account.bIob.core.windows.net/container/{FiIeName}?sp=w&st=2C [3 Follow Server Redirects on HTTP GET calls Pattern Variable Replacement— Value Source: Pattern Element Name* Adapter Specfic Attribute* Attribute Name* Adapter Specfic Attribute FileName Custom Attribute
Shared access signature URI with pattern variable replacement for a dynamic file name
General Adapter-Specific Modules Identfiers General REST URL REST Operation Data Format Operation Rules Response Determination HITP Headers Error Handling HTTP Operation Source — Value Source: Static Value* Manual Value
Fixed PUT REST operation
General Adapter-Specific Modules Identfiers General REST URL REST Operation Data Format Operation Rules Response Determination HITP Headers Error Handling Request Format Data Format: Binary Binary request Content-Type header: text/csv Response Format (for Synchronous Messages) Data Format: Assign binary message Binary Main Payload of XI Message
Binary mode
General Adapter-Specific Modules Identfiers General REST URL REST Operation Data Format Operation Rules Response Determination HTTP Headers Error Handling Additional HTTP Headers Header Name x-ms blob-type Value Pattern 810ck810b
Obligatory HTTP parameter: x-ms-blob-type = BlockBlob

Read more about HTTP parameters “Put Blob” – Link

Important note! Set the parameter EncodeURL to false to avoid the escape of special characters contained in the signature.

General Adapter-Specfic Processing Sequence Number Module Configuration Module Key Modules Identfiers Module Name sap.com/com.sap.aii.adapter.rest.app/RESTAdapter8ean Parameter Name EncodeURL Type Local Enterprise Bean Parameter Value false Module Key
Modules configuration for parameter EncodeURL = false

Message Monitoring

Error Scheduled Successful Terminated with error Sender Partner Sender Component Receiver Partner Receiver Component Interface dummy PutAzure810 Interface Namespace dummyPutAzure 8 Scenario Identifier
Successful message in Message Monitor
Image illustrating SAP Azure SAS Integration.
The File attribute to be used in receiver REST CC
Image illustrating SAP Azure SAS Integration. 8/17/2021 AM 8/17/2021 AM 8/17/2021 AM 8/17/2021 AM 8/17/2021 AM 8/17/2021 AM 8/17/2021 AM 8/17/2021 AM 8/17/2021 AM 8/17/2021 AM Information Information Information Information Information Information Information Information Information Information Delivering to channel: CC_REST_Receiver_ MP: processing local module localejbs/sap.com'comsailaii.adapterrest_awRESTAdapterBean Set HTTP Header x-ms-blob-type to Block810b Preparing message content Calling server: PUT Server retumed code. 201 REST call finished Message was successfully transmitted to endpoint using connection File http://sap.com,'xi/Xb'System Message status set to OLVO
A successful operation returns status code 201 (Created)

As we wrap up our exploration of the SAP Azure SAS Integration for efficient file management and transfer, it’s clear that this technology offers significant advantages for secure and streamlined data processes. If you’re looking to implement this solution or have questions about how it can be tailored to your specific needs, we’re here to help. Don’t hesitate to reach out for personalized advice and solutions. Visit our Contact Us page to start transforming your data management strategy with expert guidance.

Related Post
KSeF e-invoicing system new dates of entry into force
KSeF Poland einvoicing e-invoicing ecompliance sap integration code10 VAT tax reporting

KSeF e-invoicing system launch has been delayed after the external audit. Here we review most important changes and new key Read more

Partner Summit: SAP Integration Modernization 2025
SAP Integration modernization on SAP Partner Summit 2025. SAP Integration Suite

SAP launched a nice initiative to gather all the SAP partners belonging to the Integration domain for 2 days to Read more

The Future of B2B E-Invoicing in Spain: Navigating New Regulations
b2b spanish einvoice

The latest transformation in Spain's business landscape is the advent of B2B e-invoicing. This groundbreaking change is set to streamline Read more

Migration to Integration Suite – Regression testing for IDOC scenarios 
Big AI robot helping developers test and find issues in their code

Effective regression testing in PI/PO to Integration Suite migration: Learn how to optimize your project with quality test cases and Read more

Categories:

SAP Integration

Tags:

SAP PISAP PO

No responses yet

Leave a Reply

Your email address will not be published. Required fields are marked *