SFTP Reception - “Parameters” -> “Source”

This section defines the parameters for the files to be deposited on the server, and the connection and transfer settings for the SFTP server.



File Access Parameters

These parameters define the location and name of the file that the channel must create on the server. The adapter supports “variable substitution” for the directory and file names. This means that if a variable named “var1” is defined (in the “variable substitution” section of the channel, explained later), it can be used to form the file name or the target directory name by putting %var1% in the text.



Target directory: Defines the path where the channel will create the target file. Supports the use of "variable substitution".

Create Target Directory: If this flag is selected, the channel will create the target directory if it does not exist.

File Name: Target file name. Supports the use of "variable substitution".



During message processing, the following optional actions can be performed:

  • Create a file with the XML Signature of the message file. The “sign file” check box must be activated to tell the adapter to create the file with the XML Signature of the message content.

  • Create a file with the checksum of the message content. The “checksum file” check box must be activated to tell the adapter to create the file with the checksum of the message content.

  • Create an empty “done” file in the target directory to indicate that creation of the file associated with the message is complete. The “put done file” check box must be activated to tell the adapter to create the done file once the transfer of the message to the target file has ended.



Sign file: Indicates that for the file associated with the PI message, another file must be created with the XML Signature of the message content. The following parameters can be defined to create the sign file:

  • Signature file name schema: Indicates the schema that the name of the sign file to be created must follow. Special characters supported are:

    • %f: Message file name.

    • %fwoe: Message file name, without extension.

  • Signature Certificate KeyStore: Name of the view of the SAP J2EE Keystore where the X.509 certificate to be used for the digital signature is stored.

  • Signature Certificate Name: Name of the X.509 certificate, in the SAP J2EE Keystore, to be used for the digital signature.

  • Signature PrivateKey KeyStore: Name of the view of the SAP J2EE Keystore where the private key to be used for the digital signature is stored.

  • Signature PrivateKey Name: Name of the private key, in the SAP J2EE Keystore, to be used for the digital signature.

  • Signature Algorithm: Indicates the signature algorithm. Supported algorithms are:

    • DSA

    • ECDSA SHA1

    • RSA

    • RSA MD5

    • RSA RIPEMD160

    • RSA – SHA1

    • RSA – SHA256

    • RSA – SHA384

    • RSA – SHA512



  • Digest Algorithm: Indicates the digest algorithm to be used in the XML signature. Supported algorithms are:

    • MD5

    • RIPEMD160

    • SHA1

    • SHA256

    • SHA384

    • SHA512



  • Canonical Algorithm: Indicates the canonical algorithm to be used in the XML signature. Supported algorithms are:

    • Exclusive c14n with comments

    • Exclusive c14n without comments

    • Inclusive c14n with comments

    • Inclusive c14n without comments





Checksum file: Indicates that for the file associated with the PI message, another file must be created with the checksum of the message content. The following parameters must be defined to create the checksum:

  • Checksum file name schema: Indicates the schema that the name of the checksum file to be created must follow. Special characters supported are:

    • %f: Message file name.

    • %fwoe: Message file name, without extension.



  • Checksum Algorithm: Indicates the algorithm to create the checksum. Supported algorithms are:

    • MD5

    • RIPEMD160

    • SHA1

    • SHA256

    • SHA384

    • SHA512



Put done file: Indicates that an empty file signalling successful completion of the transfer will be created when the creation of the file associated with the PI message is finished. Parameters to be defined are:

  • Done file name schema: Indicates the schema that the name of the done file to be created must follow. Special characters supported are:

    • %f: Message file name.

    • %fwoe: Message file name, without extension.
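A receiver-side check built on the checksum and done files described above, as an added example that is not part of the adapter or its documentation: it expands the %f / %fwoe name schemas and accepts a file only when the done file exists and the checksum matches. The schema values, the file names and the checksum file layout (hex digest as first token) are assumptions.

```python
import hashlib
import os
import re
import tempfile

# Page's algorithm names mapped to hashlib (RIPEMD160 depends on the OpenSSL build).
ALGORITHMS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256",
              "SHA384": "sha384", "SHA512": "sha512"}


def expand_schema(schema, file_name):
    """Expand %f (file name) and %fwoe (file name without extension)."""
    values = {"%f": file_name, "%fwoe": os.path.splitext(file_name)[0]}
    # Match %fwoe before %f, since %f is a prefix of %fwoe.
    return re.sub(r"%fwoe|%f", lambda m: values[m.group(0)], schema)


def ready_and_intact(directory, file_name, done_schema, sum_schema, algorithm):
    """True only when the done file exists and the checksum file matches."""
    if not os.path.exists(os.path.join(directory, expand_schema(done_schema, file_name))):
        return False  # transfer not finished: the file may still be partial
    digest = hashlib.new(ALGORITHMS[algorithm])
    with open(os.path.join(directory, file_name), "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    with open(os.path.join(directory, expand_schema(sum_schema, file_name))) as fh:
        tokens = fh.read().split()
    # Assumption: the checksum file holds the hex digest as its first token.
    return bool(tokens) and tokens[0].lower() == digest.hexdigest()


def demo():
    """Constructed files standing in for the channel's target directory."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        body = b"<order id='1'/>"  # constructed sample message content
        for name, data in (("order.xml", body),
                           ("order.xml.sha256", hashlib.sha256(body).hexdigest().encode())):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        args = (d, "order.xml", "%fwoe.done", "%f.sha256", "SHA256")
        results.append(ready_and_intact(*args))      # no done file yet
        open(os.path.join(d, "order.done"), "wb").close()
        results.append(ready_and_intact(*args))      # done file + matching checksum
        with open(os.path.join(d, "order.xml"), "ab") as fh:
            fh.write(b" ")                           # content changed afterwards
        results.append(ready_and_intact(*args))
    return results
```

A checksum stored next to the file detects transfer corruption only; anyone able to write the file can also rewrite its checksum, which is the gap the sign file option covers.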





SFTP Connection Parameters

List of parameters to be set in the channel to configure server access and file transfer.



The following configurable options can be defined:

  • SFTP server data (machine and port)

  • “Timeout” for the connections, meaning the inactivity time of these connections.

  • Proxy data, if the SFTP server connects through it. The proxy types supported by the adapter are HTTP, SOCKS4 and SOCKS5. Basic authentication data (user/password) for these proxies can be defined.

  • Whether the SFTP server fingerprint should be validated or not. Validation consists of checking whether the public key sent by the SFTP server is accepted for the server machine in SAP NW PI. To do that, the Avvale SFTP adapter checks whether the file “<user_home_<SID>adm_user>/known_hosts_PI_SFTP” of SAP NW PI contains an entry for the SFTP server machine with the public key encoded in base64. Each line of the file has the following structure:

    • <SFTP server host>,<SFTP server host IP>

    • Type of public key (ssh-rsa or ssh-dss), depending on whether it is RSA or DSA

    • Public key encoded in base64 (this is the body of the SSH.com-type public key file).



An example of a line of the file that accepts connections to the SFTP server whose machine is “sftp-server-test”, with IP “10.2.4.10” and an RSA-type public key, would be:



sftp-server-test,10.2.4.10 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAt60CtjBMxiOOqgqfFtKZHY3g99uZpuh5E143FTO4dw+EHWNKemoWq59FMFMIZfSLyUpWmsjVT3PP1bczOXP1OSn967kxLB/w7Xr84B1ZrTLwuR/ilq73HpgO7A8pdEJN7ybprzhs5CBEgaLQo2pOxfqRYyc8TO2ADnZ1WwtjW48=



  • Authentication data for the SFTP server. The adapter supports password authentication (user/password), private key authentication, and private key and password authentication. To use an authentication mechanism based on a private key, this key must be stored in the file system of SAP NW PI. The private key must be an RSA or DSA key stored in a private key file with one of the following formats:

    • OpenSSH → Private key file beginning with:

      • -----BEGIN DSA PRIVATE KEY-----

    • SSH.com → Private key file beginning with:

      • ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----

    • PuTTY → Private key file beginning with:

      • PuTTY-User-Key-File-2:

This file may or may not be protected by a passphrase.



  • Connection mode used by the adapter. It defines, by configuration, whether the SFTP connections for the channel are permanent (there is always an open connection for the channel and all files are transferred through this connection) or are established individually for each file transfer (a connection is opened for each file transfer).

  • Transfer mode of the files. The transfer mode can be binary or ASCII.

  • Activate throttling to control the network bandwidth used in file transfers. If the files to be transferred by the channel could congest the network, or for safety in environments with limited-bandwidth networks, the bandwidth used by the channel can be limited by activating this option and defining the bandwidth limit.

  • Activate data compression. Some SFTP servers accept transferred files in compressed form, compressed with the zlib algorithm. If the server connected to the channel has this option enabled, the Avvale SFTP adapter allows the option to be activated in the channel so that the contents of the files are sent compressed.
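For the fingerprint validation described above, an added example (not code from the adapter) that parses one line of the known_hosts file in the format this page gives, checks that the base64 key blob really is of the declared type, and derives the key size and SHA-256 fingerprint to compare with the value obtained from the server administrator. The function names are hypothetical; the sample line is the one shown on this page.

```python
import base64
import hashlib
import struct

# The example entry shown on this page.
SAMPLE_LINE = (
    "sftp-server-test,10.2.4.10 ssh-rsa "
    "AAAAB3NzaC1yc2EAAAABIwAAAIEAt60CtjBMxiOOqgqfFtKZHY3g99uZpuh5E143FTO4dw"
    "+EHWNKemoWq59FMFMIZfSLyUpWmsjVT3PP1bczOXP1OSn967kxLB/w7Xr84B1ZrTLwuR/i"
    "lq73HpgO7A8pdEJN7ybprzhs5CBEgaLQo2pOxfqRYyc8TO2ADnZ1WwtjW48="
)


def read_fields(blob):
    """Split an SSH wire-format key blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("field runs past end of key blob")
        fields.append(blob[pos:pos + n])
        pos += n
    return fields


def inspect_entry(line):
    """Parse '<host>,<ip> <type> <base64 key>' and return what to compare."""
    parts = line.split()
    if len(parts) != 3:
        raise ValueError("expected '<host>,<ip> <type> <base64 key>'")
    hosts, declared, b64 = parts
    # (field count, index of the size-defining field): RSA = type,e,n; DSA = type,p,q,g,y
    layout = {"ssh-rsa": (3, 2), "ssh-dss": (5, 1)}
    if declared not in layout:
        raise ValueError("unsupported key type: " + declared)
    blob = base64.b64decode(b64, validate=True)
    fields = read_fields(blob)
    count, size_idx = layout[declared]
    if len(fields) != count or fields[0] != declared.encode():
        raise ValueError("key blob does not match declared type")
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"hosts": hosts.split(","), "type": declared,
            "bits": int.from_bytes(fields[size_idx], "big").bit_length(),
            "fingerprint": "SHA256:" + fp}
```

For the page's sample entry this reports a 1024-bit RSA key; the fingerprint string has the same form that `ssh-keygen -lf` prints for a public key file.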



The parameters to define these functional aspects are:



Server: Name or IP address of the SFTP server.

Port: Port for the SFTP connection (22 by default).

Timeout(secs): Number of seconds that an established connection can remain inactive before closing. By default, the adapter sets a timeout of 1 minute.

View Proxy: If this flag is activated, the connection to the SFTP server will be made through a proxy, and the parameters to configure this connection are shown. If the flag is not activated, the connection to the SFTP server will be direct.

Proxy Type: Defines the type of proxy to connect to. Supported proxy types are:

  • HTTP

  • SOCKS v.4

  • SOCKS v.5

Proxy Host: Name or IP address of the proxy.

Proxy Port: Proxy port.

View Proxy User Authentication: If this flag is activated, the “Proxy User” and “Proxy Password” fields are mandatory. If this flag is not activated, the connection with the proxy will be made without authentication.

Proxy User: Proxy connection user.

Proxy Password: Password of the user above for the proxy connection.

Activate Server Fingerprint Validation: If this flag is activated, the adapter will verify that the SFTP server public key is in the “known hosts” file of SAP NW PI. If it is found, the connection will be established; if not, it will throw an error. If this flag is not activated, the adapter will not verify the SFTP server fingerprint; it will accept it and the connection will be established.

Authentication Mode: Authentication mode with the following options:

  • By Password: User and password.

  • By Public Key: User and private key.

  • By Public Key and Password: User, password and private key.



User Name: SFTP username.

Password: SFTP user password. (For authentication “By Password” or “By Public Key and Password”).

Private Key File Directory: Directory of the SAP NW PI server where the file with the user private key is located. (For authentication “By Public Key” or “By Public Key and Password”).

Private Key File Name: File name with the user private key. (For authentication “By Public Key” or “By Public Key and Password”).

Passphrase: Private key password if it is encrypted. (For authentication “By Public Key” or “By Public Key and Password”).

Connect Mode: Represents how to connect to the SFTP server. Possible modes are:

  • Permanently: (By default) A permanent connection is established with the channel. All transfers will use this connection.

  • Per File Transfer Mode: A new connection is established for each file transfer.

Transfer Mode: File transfer mode. Possible values are:

  • Binary: (By default) Binary transfer.

  • Text: ASCII mode transfer.

Use Throttling: If this flag is activated, the bandwidth will be limited according to the value defined in the “Bandwidth to Limit (Kbps)” parameter.

Bandwidth to Limit (Kbps): Bandwidth limit to be used in data transfer. It is measured in Kbps (kilobits per second) and is a mandatory field if throttling is activated.

Use Data Compression (with zlib alg.): If this flag is activated, the transferred content will be compressed in the adapter using the zlib compression algorithm.

Avvale 2024