In this article
| Table of Contents | ||||
|---|---|---|---|---|
|
Overview
Use this account type to connect <Snap Pack name> Snaps with data sources that use <Account Type Name> accountsthe SAP S/4HANA Snaps to SAP S/4HANA On-Premise instance using SSL-based authentication.
Prerequisites
- Valid client ID.
- Valid tenant URL.
- ...
- ...gateway system (which includes Host, Port, Client, Logon Language, Path prefix, and Service collection URL).
- Valid certificates (Key store, Trust store, Key/Trust store password, and Key alias)
Limitations and Known Issues
...
None.
Account Settings
| Parameter | Data Type | Description | Default Value | Example |
|---|---|---|---|---|
Label | String |
Required. Unique user-provided label for the account.
Unique name for the account. | N/A | SAPS4HANA_SSL_Auth_Acc | |||||||
User Id | String | Required. The user name to connect to the SAP S/4HANA On-Premise server. | N/A | newaccountuser | |||||
Passphrase | String | Required. The password of the entered user name to connect to the SAP S/4HANA On-Premise server. | N/A | z00md0g!pack@Heavy/ | |||||
Host | String | Required. The host server name of SAP S/4HANA On-Premise server. | N/A | newhost.example.com | |||||
Port | String | Required. The port of SAP S/4HANA On-Premise server. | N/A | 35004 | |||||
Client | String | Required. The client id of the SAP S/4HANA On-Premise server to which the user has access to. | N/A | 100 | |||||
Logon Language | String | Required. The logon language for specified Application Server. | N/A | EN | |||||
| Path prefix | String | Required. The prefix of the gateway endpoint path. Path prefix specifies a text element to add to the start of the URL used for connections to the service. Path prefix is used to build a Catalog URL and fetch associated service collection.
| /sap/opu/odata | /sap/opu/odata | |||||
Service collection URL | String | Required. The service collection URL of the gateway endpoint path. Service collection URL specifies the relative path from where the catalog service is retrieved. Also, specify the sap-client following the URL. | /iwfnd/catalogservice/ServiceCollection | /iwfnd/catalogservice/ServiceCollection | |||||
| Key store | String | Required. The location of the key store file. It can be in the SLDB or any other unauthenticated endpoint such as https://... | N/A | https://example.com/keystore_path/file.p12 | |||||
| Trust store | String | Required. The location of the trust store file. It can be in the SLDB or any other unauthenticated endpoint such as https://... | N/A | https://example.com/truststore_path/file.jks | |||||
| Key/Trust store password | String | Required. Password for key/trust store. It is used for both, Key store and Trust store, if both are defined. | N/A | z00mD0g!/ | |||||
| Key alias | String | Required. The alias for the Key/Trust store password. | N/A | 0017017439 |
Troubleshooting
| Error | Reason | Resolution |
|---|
Account validation failed
The Pipeline ended before the batch could complete execution due to a connection error.
Verify that the Refresh token field is configured to handle the inputs properly. If you are not sure when the input data is available, configure this field as zero to keep the connection always open.
IO/Error Cause: File not found on at | The file path entered is incorrect. | Ensure that the file path is correct. |
| IO/Error Failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. | Key store password is incorrect. Such issues can arise if an incorrect key is used during decryption. |
|
| PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. | Valid certification path to requested target is not found. |
|
| IO/Error Cause: toDerInputStream rejects tag type <--- type number --->. | toDerInputStream rejects tag type <--- type number --->, the input file is rejected. |
|
| Detect premature EOF. | The file is empty. |
|
Additional Information
SAP Gateway
SAP Gateway, an integral part of SAP NetWeaver, lets you connect devices, environments, and platforms to SAP systems. It uses the Open Data Protocol (OData) so you can use any programming language or model to connect to SAP and non-SAP applications. SAP S/4HANA uses SAP Gateway and OData services to bring business data to compelling SAP Fiori apps. Snaps in the SAP S/4HANA Snap Pack use an SAP Gateway URL to access the S/4HANA services.
| SAP S/4HANA Gateway URL | |
|---|---|
| Format | http(s)://<host>:<port>/<Path Prefix>/<Service collection URL>? sap-client=<Client Entry Number>&sap-language=<Logon Language> |
| Example | https://s4hana.example.com:44300/sap/opu/odata/iwfnd/catalogservice/ServiceCollection?sap-client=100&sap-language=EN |
SSL Connection
SAP S/4HANA allows users to access the SAP gateway and APIs using X509 certificate authentication. To implement this certificate-based authentication (SSL), you need to upload the key/trust store files on your SnapLogic tenant and configure this account accordingly. Refer the following resources for more details about the SAP security and SAP SSL certificate settings.
- SAP Security Guide
- Prepare SSL when SAP S/4HANA is on-premise
- Configuring Client Certificate Authentication (mutual https) on SAP Gateway
- X.509 Client Certificate Authentication Method
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|
...