SAP Azure SAS Integration: File Transfer Guide

on October 11, 2021

SAP Azure SAS Integration: AzureBLOB Authentication

Business scenario / Requirements

For the SAP Azure SAS Integration, you must actively transfer, upload, or place various file types, including binary, XML, TXT, etc., from the SAP backend directly into an Azure Storage AzureBLOB container.

In order to make the example simple let’s assume

You don’t need to map any data inside the file or message. This is a pass-through scenario or IFlow with a FILE sender communication channel (CC) and a REST receiver CC
no message content manipulation / mapping will take place – therefore no ESR objects will be created
it is needed to keep the same file name

Azure Storage Authentication

Each client making requests to Azure Storage needs authorization. To authorize access, you have several options, including:

Shared Key (storage account key)
Shared Access Signature (SAS)

With the SAP Azure SAS Integration, you can use SAS access to prevent untrustworthy clients from revealing or using the storage account key, while still delegating access to specific storage resources. Additionally, this approach becomes more straightforward to implement in SAP PO using the standard REST adapter.

In the SAP Azure SAS Integration process, SAS provides access to a specific blob in the storage account for a set period, such as until the end of next year, with defined permissions like write-only. It is essentially a URI containing specific query parameters, including the SAS token. For SAP PI/PO to request Azure BLOB Storage, only this SAS URI is necessary.

Read more about “Authorize requests to Azure Storage” – Link

Read more about “Delegate access with a shared access signature” – Link

Prerequisites

Azure admin has provided shared access signature URIs that looks following:

https://<account>.blob.core.windows.net/<path_to_custom_container>?
sp=<signedPermissions>&
st=<signedStart>&
se=<signedExpiry>&
spr=<signedProtocol>&
sv=<signedVersion>&
sr=<signedResource>&
sig=<signature>

SAS query parameter	SAS Name	Description	E.g.
sp	signedPermissions	This parameter specifies the operations that a client with the SAS can perform on the resource, and it allows for the combination of permissions.	w – write
st	signedStart	The time at which the shared access signature becomes valid	2021-01-21T11:12:13Z
se	signedExpiry	The time at which the shared access signature becomes invalid	2031-01-21T11:12:13Z
spr	signedProtocol	Specifies the protocol permitted for a request made with the SAS	https,http
sv	signedVersion	This parameter indicates the service version used to construct the signature field and also specifies which service version will handle a request made with this shared access signature.	2020-02-10
sr	signedResource	Specifies which blob resources are accessible via the shared access signature.	c – container
sig	signature	You compute the signature as an HMAC by applying the SHA256 algorithm to the string-to-sign and key, and then encode it using Base64 encoding.	kws%3D…

User Delegation SAS parameters

Explore further details about query string parameters in the section “Create a User Delegation SAS”. – Link

IFlow

Image illustrating SAP Azure SAS Integration.
CC FILE
CC REST — Pass through IFlow

Sender FILE CC configuration

Image illustrating SAP Azure SAS Integration.
General Adapter-Specific Modules
Source Processing Advanced
File Access Parameters
Source Directory: *
File Name*
Identfiers
/mnt/SID/foIded
Advanced Source File Selection
Additional File(s) — Actively retrieve all the CSV files from a designated folder.

Image illustrating SAP Azure SAS Integration.
General Adapter-Specific Modules Identfiers
Source Processing Advanced
Adapter-Specfic Message Properties
Z] Set Adapter-Specfic Message Properties
Z] File Name
Directory
File Type
Source File Size
DSource File Timestamp
Adapter Status
Status:
Advanced Mode — Use Adapter Specific Message Attribute (ASMA)

Image illustrating SAP Azure SAS Integration.
General Adapter-Specfic
Processing Sequence
Number
Module Configuration
Module Key
Modules Identfiers
Module Name
AF_ModuIes/DynamicConfiguration8ean
AF_ModuIes/DynamicConfiguration8ean
Cal[SapAdapter
Type
Local Enterprise Bean
Local Enterprise Bean
Local Enterprise Bean
Module Key
DynWriteToParam
DynReadFromParam
Parameter Value
read http://sap.com/xi/XI/System/REST File
module.filename
write http://sap.com/xi/XI/System/FiIe File
module.filename
Remove
Move Up
DynReadFromParam
DynReadFromParam
DynWriteToParam
Parameter Name
key. I
value.l
key. I
value. I — Keep the file name to use it in receiver REST CC

Receiver REST CC

General Adapter-Specific Modules Identfiers
General REST URL REST Operation Data Format Operation Rules Response Determination HITP Headers Error Handling
Warning: Parameterizing HTTP Host or Port is a security risk (see SAP Note: 2174651)
URL Pattern: *
https://account.bIob.core.windows.net/container/{FiIeName}?sp=w&st=2C
[3 Follow Server Redirects on HTTP GET calls
Pattern Variable Replacement—
Value Source:
Pattern Element Name*
Adapter Specfic Attribute*
Attribute Name*
Adapter Specfic Attribute
FileName
Custom Attribute — Shared access signature URI with pattern variable replacement for a dynamic file name

General Adapter-Specific Modules Identfiers
General REST URL REST Operation Data Format Operation Rules Response Determination HTTP Headers Error Handling
Additional HTTP Headers
Header Name
x-ms blob-type
Value Pattern
810ck810b — Obligatory HTTP parameter: x-ms-blob-type = BlockBlob

Read more about HTTP parameters “Put Blob” – Link

Important note! Set the parameter EncodeURL to false to avoid the escape of special characters contained in the signature.

General Adapter-Specfic
Processing Sequence
Number
Module Configuration
Module Key
Modules Identfiers
Module Name
sap.com/com.sap.aii.adapter.rest.app/RESTAdapter8ean
Parameter Name
EncodeURL
Type
Local Enterprise Bean
Parameter Value
false
Module Key — Modules configuration for parameter EncodeURL = false

Message Monitoring

Error Scheduled Successful
Terminated with error
Sender Partner
Sender Component
Receiver Partner
Receiver Component
Interface
dummy PutAzure810
Interface Namespace
dummyPutAzure 8
Scenario Identifier — Successful message in Message Monitor

Image illustrating SAP Azure SAS Integration. — The File attribute to be used in receiver REST CC

Image illustrating SAP Azure SAS Integration.
8/17/2021 AM
8/17/2021 AM
8/17/2021 AM
8/17/2021 AM
8/17/2021 AM
8/17/2021 AM
8/17/2021 AM
8/17/2021 AM
8/17/2021 AM
8/17/2021 AM
Information
Information
Information
Information
Information
Information
Information
Information
Information
Information
Delivering to channel: CC_REST_Receiver_
MP: processing local module localejbs/sap.com'comsailaii.adapterrest_awRESTAdapterBean
Set HTTP Header x-ms-blob-type to Block810b
Preparing message content
Calling server: PUT
Server retumed code. 201
REST call finished
Message was successfully transmitted to endpoint using connection File http://sap.com,'xi/Xb'System
Message status set to OLVO — A successful operation returns status code 201 (Created)

As we wrap up our exploration of the SAP Azure SAS Integration for efficient file management and transfer, it’s clear that this technology offers significant advantages for secure and streamlined data processes. If you’re looking to implement this solution or have questions about how it can be tailored to your specific needs, we’re here to help. Don’t hesitate to reach out for personalized advice and solutions. Visit our Contact Us page to start transforming your data management strategy with expert guidance.