This blog post describes two example configurations of the EdiSecurityModule for receiver channels: one in an outbound scenario and one in an inbound scenario.
EdiSecurityModule
In many European EDI processes it is mandatory to sign invoices with your company’s signature. With the EdiSecurityModule it is possible to sign EDIFACT and EANCOM messages with your signature depending on your configuration and your certificates.
Your outbound EDI message to your EDI partner is enhanced with EDIFACT 4.0-conformant AUTACK segments.
For an inbound EDI message from your EDI partner, the EdiSecurityModule de-signs and/or verifies the message and then forwards it to the next module, e.g. the EdifactConverterModule.
Note: The configuration documentation on the help.sap.com portal spells the EdiSecurityModule slightly differently. You will find the documentation here: Configuring the EDI Security Module (AUTACK) - SAP Process Integration, business-to-business add-on Configuration - SAP …
Example Configuration of a Receiver Channel in an Outbound to Partner Scenario
Adapter module used: localejbs/EdiSecurityModule local
Module Key | Parameter | Value |
---|---|---|
EdiSecurity | includeOwnCertificate | YES |
EdiSecurity | ownCertificateAlias | MyOwnCompany_CERT |
EdiSecurity | ownCertificateView | _as2_MyOwnCompany |
EdiSecurity | ownPrivateKeyAlias | MyOwnCompany_KEY |
EdiSecurity | ownPrivateKeyView | _as2_MyOwnCompany |
EdiSecurity | secureMsgDirection | Outbound |
EdiSecurity | securityScope | UNH |
Results:
With the configuration above you will get the following results. The hash value and a short description of your certificate are added to your message on UNH level.
On sum level the EdiSecurityModule adds the equivalent parameters to your message, e.g. USH values (USH+1+781761049280+…) and USC values.
With the configuration above, the certificate with which we signed our EDI message is additionally added after the UNO segment. The EDI message always finishes with the UNZ segment. Please note that all other segments remain untouched (see the UNT segment before and after the EdiSecurityModule).
Example Configuration of a Receiver Channel in an Inbound from Partner Scenario
Adapter module used: localejbs/EdiSecurityModule local
Module Key | Parameter | Value |
---|---|---|
EdiSecurityModule | generateAutAck | YES |
EdiSecurityModule | ownCertificateAlias | MyOwnCompany_CERT |
EdiSecurityModule | ownCertificateView | _as2_MyOwnCompany |
EdiSecurityModule | ownPrivateKeyAlias | MyOwnCompany_KEY |
EdiSecurityModule | ownPrivateKeyView | _as2_MyOwnCompany |
EdiSecurityModule | secureMsgDirection | Inbound |
EdiSecurityModule | securityScope | UNH |
EdiSecurityModule | usePartnerCertFromNWA | false |
EdiSecurityModule | verifyMsgSignature | FALSE |
Please note that the verifyMsgSignature parameter is always set to true by the EdiSecurityModule. This is why I used the parameter generateAutAck and all of my certificate settings to avoid an error in the message verification. My guess is that SAP will change that in the future.
Results:
The security segments were removed by the EdiSecurityModule. The EDIFACT or EANCOM message is now fully convertible by the standard B2B adapter modules.
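A check for the two results described above, as an added example that is not SAP's code or part of the original post: it splits an EDIFACT interchange into segments and reports which security segments sit inside each UNH to UNT message, so an outbound payload can be confirmed as signed and an inbound payload as stripped. The sample interchanges are constructed and simplified, the function names are hypothetical, and the tags USA, USR and UST are taken from ISO 9735-5 rather than from this page.

```python
# Added example; sample interchanges are constructed, not EdiSecurityModule output.
# USH and USC are named in the post; USA, USR, UST are the other ISO 9735-5 tags.
SECURITY_TAGS = {"USH", "USA", "USC", "USR", "UST"}

def service_chars(edi):
    """Return (component sep, element sep, release char, terminator, body)."""
    if edi.startswith("UNA") and len(edi) >= 9:
        return edi[3], edi[4], edi[6], edi[8], edi[9:]
    return ":", "+", "?", "'", edi  # EDIFACT defaults when no UNA is sent

def split_segments(edi):
    """Split into segments; a terminator preceded by the release char is data."""
    _, _, release, term, body = service_chars(edi)
    segments, current, escaped = [], "", False
    for ch in body:
        if escaped or ch == release:
            current += ch            # keep the release char and the escaped char
            escaped = not escaped
        elif ch == term:
            if current.strip():
                segments.append(current.strip())
            current = ""
        else:
            current += ch
    return segments

def security_report(edi):
    """For each UNH..UNT message: reference, type and security tags in order."""
    comp, elem = service_chars(edi)[:2]
    report, msg = [], None
    for seg in split_segments(edi):
        tag = seg[:3]
        if tag == "UNH":
            fields = seg.split(elem)
            msg = {"ref": fields[1], "type": fields[2].split(comp)[0], "security": []}
        elif msg is not None:
            if tag in SECURITY_TAGS:
                msg["security"].append(tag)
            if tag == "UNT":
                report.append(msg)
                msg = None
    return report

def is_signed(entry):  # signed = security header and security trailer both present
    return "USH" in entry["security"] and "UST" in entry["security"]

ENVELOPE = "UNA:+.? 'UNB+UNOC:4+SENDER:14+RECEIVER:14+20240101:1200+1234567'%sUNZ+1+1234567'"
SIGNED = ENVELOPE % "UNH+1+INVOIC:D:96A:UN'USH+1+1'USC+CERT'BGM+380+INV?'001'UST+1+1'UNT+6+1'"
STRIPPED = ENVELOPE % "UNH+1+INVOIC:D:96A:UN'BGM+380+INV?'001'UNT+3+1'"
```

Run against a payload captured after the module in each channel, `is_signed` should hold for every outbound message and the `security` list should be empty for every inbound one.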
Verification of EDI Message
In case of an error within your verification process, you will receive the following error message within monitoring and alerting.
Error Message |
---|
MP: exception caught with message Signature verification failed for incoming message with Message type: INVOIC Message Version: 96A Sender Identification: TSTCLNT123:14 Receiver Identification: 0000010001:14 Interchange Control Number: 1234567 |
Summary
With the EdiSecurityModule the B2B add-on gets a new module that meets the required specifications to sign, "de"-sign and verify EDI messages.