SAP Azure SAS Integration: AzureBLOB Authentication

Business scenario / Requirements

For the SAP Azure SAS Integration, you must actively transfer, upload, or place various file types, including binary, XML, TXT, etc., from the SAP backend directly into an Azure Storage AzureBLOB container.

In order to make the example simple let’s assume

  • You don’t need to map any data inside the file or message. This is a pass-through scenario or IFlow with a FILE sender communication channel (CC) and a REST receiver CC
  • no message content manipulation / mapping will take place – therefore no ESR objects will be created
  • it is needed to keep the same file name

Azure Storage Authentication

Each client making requests to Azure Storage needs authorization. To authorize access, you have several options, including:

  • Shared Key (storage account key)
  • Shared Access Signature (SAS)

With the SAP Azure SAS Integration, you can use SAS access to prevent untrustworthy clients from revealing or using the storage account key, while still delegating access to specific storage resources. Additionally, this approach becomes more straightforward to implement in SAP PO using the standard REST adapter.

In the SAP Azure SAS Integration process, SAS provides access to a specific blob in the storage account for a set period, such as until the end of next year, with defined permissions like write-only. It is essentially a URI containing specific query parameters, including the SAS token. For SAP PI/PO to request Azure BLOB Storage, only this SAS URI is necessary.

Read more about “Authorize requests to Azure Storage” – Link

Read more about “Delegate access with a shared access signature” – Link

Prerequisites

Azure admin has provided shared access signature URIs that looks following:

https://<account>.blob.core.windows.net/<path_to_custom_container>?
sp=<signedPermissions>&
st=<signedStart>&
se=<signedExpiry>&
spr=<signedProtocol>&
sv=<signedVersion>&
sr=<signedResource>&
sig=<signature>
SAS query parameterSAS NameDescriptionE.g.
spsignedPermissionsThis parameter specifies the operations that a client with the SAS can perform on the resource, and it allows for the combination of permissions.w – write
stsignedStartThe time at which the shared access signature becomes valid2021-01-21T11:12:13Z
sesignedExpiryThe time at which the shared access signature becomes invalid2031-01-21T11:12:13Z
sprsignedProtocolSpecifies the protocol permitted for a request made with the SAShttps,http
svsignedVersionThis parameter indicates the service version used to construct the signature field and also specifies which service version will handle a request made with this shared access signature.2020-02-10
srsignedResourceSpecifies which blob resources are accessible via the shared access signature.c – container
sigsignatureYou compute the signature as an HMAC by applying the SHA256 algorithm to the string-to-sign and key, and then encode it using Base64 encoding.kws%3D…
User Delegation SAS parameters

Explore further details about query string parameters in the section “Create a User Delegation SAS”. – Link

IFlow

Image illustrating SAP Azure SAS Integration.
CC FILE 
CC REST
Pass through IFlow

Sender FILE CC configuration

Image illustrating SAP Azure SAS Integration.
General Adapter-Specific Modules 
Source Processing Advanced 
File Access Parameters 
Source Directory: * 
File Name* 
Identfiers 
/mnt/SID/foIded 
Advanced Source File Selection 
Additional File(s)
Actively retrieve all the CSV files from a designated folder.
Image illustrating SAP Azure SAS Integration.
General Adapter-Specific Modules Identfiers 
Source Processing Advanced 
Adapter-Specfic Message Properties 
Z] Set Adapter-Specfic Message Properties 
Z] File Name 
Directory 
File Type 
Source File Size 
DSource File Timestamp 
Adapter Status 
Status: 
Advanced Mode
Use Adapter Specific Message Attribute (ASMA)
Image illustrating SAP Azure SAS Integration.
General Adapter-Specfic 
Processing Sequence 
Number 
Module Configuration 
Module Key 
Modules Identfiers 
Module Name 
AF_ModuIes/DynamicConfiguration8ean 
AF_ModuIes/DynamicConfiguration8ean 
Cal[SapAdapter 
Type 
Local Enterprise Bean 
Local Enterprise Bean 
Local Enterprise Bean 
Module Key 
DynWriteToParam 
DynReadFromParam 
Parameter Value 
read http://sap.com/xi/XI/System/REST File 
module.filename 
write http://sap.com/xi/XI/System/FiIe File 
module.filename 
Remove 
Move Up 
DynReadFromParam 
DynReadFromParam 
DynWriteToParam 
Parameter Name 
key. I 
value.l 
key. I 
value. I
Keep the file name to use it in receiver REST CC

Receiver REST CC

General Adapter-Specific Modules Identfiers 
General REST URL REST Operation Data Format Operation Rules Response Determination HITP Headers Error Handling 
Warning: Parameterizing HTTP Host or Port is a security risk (see SAP Note: 2174651) 
URL Pattern: * 
https://account.bIob.core.windows.net/container/{FiIeName}?sp=w&st=2C 
[3 Follow Server Redirects on HTTP GET calls 
Pattern Variable Replacement— 
Value Source: 
Pattern Element Name* 
Adapter Specfic Attribute* 
Attribute Name* 
Adapter Specfic Attribute 
FileName 
Custom Attribute
Shared access signature URI with pattern variable replacement for a dynamic file name
General Adapter-Specific Modules Identfiers 
General REST URL REST Operation Data Format Operation Rules Response Determination HITP Headers Error Handling 
HTTP Operation Source — 
Value Source: 
Static Value* 
Manual Value
Fixed PUT REST operation
General Adapter-Specific Modules Identfiers 
General REST URL REST Operation Data Format Operation Rules Response Determination HITP Headers Error Handling 
Request Format 
Data Format: 
Binary 
Binary request Content-Type header: text/csv 
Response Format (for Synchronous Messages) 
Data Format: 
Assign binary message 
Binary 
Main Payload of XI Message
Binary mode
General Adapter-Specific Modules Identfiers 
General REST URL REST Operation Data Format Operation Rules Response Determination HTTP Headers Error Handling 
Additional HTTP Headers 
Header Name 
x-ms blob-type 
Value Pattern 
810ck810b
Obligatory HTTP parameter: x-ms-blob-type = BlockBlob

Read more about HTTP parameters “Put Blob” – Link

Important note! Set the parameter EncodeURL to false to avoid the escape of special characters contained in the signature.

General Adapter-Specfic 
Processing Sequence 
Number 
Module Configuration 
Module Key 
Modules Identfiers 
Module Name 
sap.com/com.sap.aii.adapter.rest.app/RESTAdapter8ean 
Parameter Name 
EncodeURL 
Type 
Local Enterprise Bean 
Parameter Value 
false 
Module Key
Modules configuration for parameter EncodeURL = false

Message Monitoring

Error Scheduled Successful 
Terminated with error 
Sender Partner 
Sender Component 
Receiver Partner 
Receiver Component 
Interface 
dummy PutAzure810 
Interface Namespace 
dummyPutAzure 8 
Scenario Identifier
Successful message in Message Monitor
Image illustrating SAP Azure SAS Integration.
The File attribute to be used in receiver REST CC
Image illustrating SAP Azure SAS Integration.
8/17/2021 AM 
8/17/2021 AM 
8/17/2021 AM 
8/17/2021 AM 
8/17/2021 AM 
8/17/2021 AM 
8/17/2021 AM 
8/17/2021 AM 
8/17/2021 AM 
8/17/2021 AM 
Information 
Information 
Information 
Information 
Information 
Information 
Information 
Information 
Information 
Information 
Delivering to channel: CC_REST_Receiver_ 
MP: processing local module localejbs/sap.com'comsailaii.adapterrest_awRESTAdapterBean 
Set HTTP Header x-ms-blob-type to Block810b 
Preparing message content 
Calling server: PUT 
Server retumed code. 201 
REST call finished 
Message was successfully transmitted to endpoint using connection File http://sap.com,'xi/Xb'System 
Message status set to OLVO
A successful operation returns status code 201 (Created)

As we wrap up our exploration of the SAP Azure SAS Integration for efficient file management and transfer, it’s clear that this technology offers significant advantages for secure and streamlined data processes. If you’re looking to implement this solution or have questions about how it can be tailored to your specific needs, we’re here to help. Don’t hesitate to reach out for personalized advice and solutions. Visit our Contact Us page to start transforming your data management strategy with expert guidance.

Related Post
The Future of B2B E-Invoicing in Spain: Navigating New Regulations
b2b spanish einvoice

The latest transformation in Spain's business landscape is the advent of B2B e-invoicing. This groundbreaking change is set to streamline Read more

Migration to Integration Suite – Regression testing for IDOC scenarios 
Big AI robot helping developers test and find issues in their code

Effective regression testing in PI/PO to Integration Suite migration: Learn how to optimize your project with quality test cases and Read more

Time to upgrade: SAP PI 7.5 Vs CPI

Navigating the Upgrade Decision: SAP PI vs CPI SAP PI VS CPI With SAP ending support for most PI versions Read more

SAP PI/PO to Integration Suite: Migration Assessment

This is the first blog of a series to check what SAP can offer to do a migration SAP PI/PO Read more

Categories:

No responses yet

Leave a Reply

Your email address will not be published. Required fields are marked *