Hi guys, In this article I want to shared step by step about Working with PARTNER DIRECTORY. Because this is tutorial base on my understand about this. Kindly reference for more detail to known some concept about Partner Directory.
In this article I will share something
- How to create and working with User Role ( Replace for default Role ESBMessaging.send)
- How to create service key and call to integration flow with custom User Role ( Replace for default Role)
- How to call integration flow with client certificate
- How to create instance service Process Integration Runtime and service key to with plan is API to call ODATA API
- How to configuration for partner directory run on two differently tenant. One for Partner Directory and one for Receiver.
NOTE : All configuration in this articles, using SAP CPI Cloud Foundry Environment. (CF)
Scenarios
Currently, I have 3 partner involve integration flow and It’s running on production live. And my customer required me add more partner into here. How can I do ?
Easy to do that by open designer integration flow, just drag partner and configure this integration flow. After done, transport it to production environment. That’s it. But seem like this way have something wrong. Something which my customer want that they can can add a lot of partner by configuration something as
| Sender ID | ABC |
| Receiver partner ID | XYZ |
| Receiver partner address | HTTPS://xxxx.com |
And they just add this information into somewhere, after that, integration flow will collect this data and go to accordingly partner automatic.
Ok, I think with three this holidays, I will finish some article for this scenario and share with you.
I. Step by step working with Partner Directory
Prerequisites
Two SAP Cloud Integration Tenant and configuration Integration Suite application and Process integration runtime to get Access Token
User administration of 2 tenant has role AuthGroup.Administrator, AuthGroup.IntegrationDeveloper
One user which use to send message to Partner Directory Tenant ( can you Integration Developer or Tenant Administration. In this article, We call this user is COMMUNITION USER
Key store must have alias sap_cloudintegrationcertificate Or hcicertificate
Step 1 : Create integration flow on receiver tenant.
- Create integration flow on receiver tenant with following information
| Sender Adapter | |
| Address | /receiver_1 |
| Role | receiver1.send |
| Content Modifier | |
| Property | |
| Name | SENDER_ID |
| Type | XPath |
| Data Type | java.lang.String |
| Value | /Message/SenderPartnerId |
| Message Body | |
| Body | <Message> <SenderPartnerId>${property.SENDER_ID}</SenderPartnerId> <ReceiverPartnerId>Receiver_1</ReceiverPartnerId> <Content>Receiver_1 welcome ${property.SENDER_ID}</Content> </Message> |
- Create new user role : receive1.send
After done, go to Role from tenant, we will see this ROLE
- Next, assign user to this ROLE. Because user just use ROLE collection, so we will create custom ROLE collection before, add ROLE receiver_1.send to this ROLE Collection and then, assign user to this ROLE Collection.
- Add Role Collection for User
- Update parameter of instance process integration runtime and create new service key
- Create service key
- After done, we have configure file look like
- Test integration flow at POSTMAN
- Create one more receiver with the same way above.
- address /receiver_2
- User Role : receiver_2.send
- Test Receiver_2 on POSTMAN
Step 2 : Create integration flow on Partner Directory Tenant
| Sender Adapter | |
| Type | HTTPS |
| Address | /partner_directory_test |
| User Role | ESBMessage.send |
| CSRF Protected | Unchecked |
| Content Modifier | |
| PROPERTY | |
| SENDER_ID | //Message/SenderPartnerId |
| RECEIVER_ID | //Message/ReceiverPartnerId |
| Receiver Adapter | |
| SOAP | |
| Address | ${property.RECEIVER_ADDRESS} |
This is code groovy script to get data from Partner Directory and set to PROERTY RECEIVER_ADDRESS
import com.sap.gateway.ip.core.customdev.util.Message;
import java.util.HashMap;
import com.sap.it.api.pd.PartnerDirectoryService;
import com.sap.it.api.ITApiFactory;
def Message processData(Message message) {
def service = ITApiFactory.getApi(PartnerDirectoryService.class, null);
if (service == null){
throw new IllegalStateException("Partner Directory Service not found");
}
def map = message.getProperties();
def receiverId = map.get("RECEIVER_ID");
if (receiverId == null){
throw new IllegalStateException("Receiver ID is not set in the property 'RECEIVER_ID'")
}
def parameterValue = service.getParameter("ADDRESS", receiverId , String.class);
if (parameterValue == null){
throw new IllegalStateException("ADDRESS parameter not found in the Partner Directory for the partner ID "+receiverId);
}
message.setProperty("RECEIVER_ADDRESS", parameterValue );
return message;
}Step 3 : Adding Partner Information to the Partner Directory
Because of partner directory including information of partners, tenant administration will put data into here and from there CPI will get dynamic data to call to another flow.
NOTE
Partner Information include two parts. One for receiver and one for sender. We call API string parameter mean We are configuring for Receiver. In this API, field Pid (Partner ID) is ID of Receiver
To add information into Partner Directory, we will use ODATA API of Partner Directory. Kindly reference here to get more details another ODATA API.
NOTE IMPORTANT
Because of this is ODATA API, they need one access token to connect. Client have to use information from service key which created service Process Integration with plan API,
not plan integration flow.Kindly take a look from below image
- Install service Process Integration with plan is API to get access token for ODATA API
- Create service key
After done, we have
| client ID | Client Id to get access token |
| Client Secret | Client secret to get access token |
| Token URL | URL of authorize server |
| URL | URL of ODATA API |
- Get all String Parameters of partner directory : URL + api/v1/StringParameters
- As Step 1 we have integration flow of receiver_1 and receiver_2 as
| Receiver_1 | |
| Address | https://xxxx/cxf/receiver_1 |
| Receiver_2 | |
| Address | https://tpg-cpi-qas-atf4alck.it-cpi004-rt.cfapps.ap11.hana.ondemand.com/cxf/receiver_2 |
- Create partner information in Partner Directory
- Check partner information by method GET of API
In this time, we begin run test integration flow of Partner Directory.
We will receiver error
This error happen because We use client-certificate authentication for the calls from the Partner Directory integration flow to the receivers. Therefore, we have to exchange the client certificate with the receivers so that a certificate-user mapping can be performed on the receiver tenant.
For fix this issue, we have to configure client certificate.
Step 4 : Exchanging Client Certificate with the Receivers
- Go to the SAP Cloud Integration WEBUI of your tenant where the Partner Directory integration flow is running and navigate to Monitor > Keystore
- Choose the entry with the alias “hcicertificate” or “sap_cloudintegrationcertificate” and select the button for the entry actions. Choose “Download Certificate”.
- This will download the X.509 Certificate for the key-pair.
- Open this cert, copy it. This text will have format like —– BEGIN CERTIFICATE—– XXXX —– END CERTIFICATE—–
- Go to Receiver Tenant, create service key with Key Type is External Certificate and paste Cert which download above in here
- Run test integration flow of partner directory tenant again
This times, we receive one more ISSUE about Unauthorize. This issue happen because in partner directory, we have to configure Authorize user.
Another important entity type of the Partner Directory is the Authorized User. An Authorized User entry assigns a communication user to a partner ID. A communication user can only be assigned to exactly one partner ID, but a partner ID can have several communication users. When an Authorized User entry is created, automatically the role ESBMessaging.send is assigned to the user in the (worker node) application (iflmap), so that this communication user can execute inbound calls to an integration flow.
OK, we will use ODATA API about Authorize User to fix Issue. For more detail about Authorize user in Partner Directory, kindly reference here
- Create authorize user : https://URL + /api/v1/AuthorizedUsers
| Pid | Partner ID of sender ( SenderPartnerId) |
| User | User communication ( Ex : Client ID in service key) |
- Run test again we get successful.
NOTE : For improve performance, CPI will cache information of Partner Directory. Kindly reference https://help.sap.com/docs/CLOUD_INTEGRATION/368c481cd6954bdfa5d0435479fd4eaf/1577f7742507413081f50c3c80a9bd7a.html?version=Cloud for more details
Summary
In this article, I shared step by step how to working with Partner Directory. I also talk about APIs of Partner Directory as String Parameters, Authorize Users and how to call them with client access token. Thanks for your reading and any question, kindly leave your comment below this.
Thanks.
Joseph
SAP Zero to Hero 