[SAP PI] – Choose the Right Adapter to integrate with SAP systems

23 03 2011

Often we come across the dilemma of which adapater should I use while integrating with SAP systems. Will try and discuss on the options available and what could be some of the points that one should consider before you zero in one of the adapters.
If you see the list of Adapters given by SAP, a quick seggregation can be done depending on the type of systems that these adapters are going to communicate with.

Now, one of the obvious systems with which XI is going to communicate will the SAP systems (SAP R/3 – 4.6C, 4.7, ECC 5.0, CRM, SRM etc etc). Now these systems could be on the sending side or on the receiving side or could be on both sides where R/3 is integrating with SRM / CRM …. or vice versa.
So, what are the options that SAP gives us to communicate with SAP systems.

1. IDOC Adapter
2. RFC Adapter
3. Proxy

Now, how do you choose the right one for a given scenario. One of the things that SAP strongly suggests is the usage of PROXIES.

Now, if you take a close look at the adapters specified here, the one thing that strikes right away is the usage of proxies. We know that proxy generation is possible only if your WAS is >= 6.20. So, that is one parameter that comes up straight away for the usage of proxies.

— Use Proxies only if the WAS version is >= 6.20.

We will also look into other reasons where we should go for a proxy.

Let’s take a case and discuss the same.
The immediate question that probably you are getting is :
I am on WAS 6.2 or higher and also at the same time either I have a standard BAPI / Remote enable function module for the given functionality on the application system. So, what should I do now?

In this case, there are 2 ways in which the implementation can happen.

1. Configure a RFC Adapter and call the BAPI / RFC. However the potential problem that I could see is that the RFC adapter existing on the Java stack communciating with the BAPI existing on the SAP application system.
2. The second option that I have got is to write a proxy on the SAP application system (which will be called by XI) and internally the proxy will call the BAPI.
At this point of time if your question is, as long as I am dealing with the latest versions of SAP systems, should I totally avoid using RFC Adapters – MY TAKE on this would be, YES. Do NOT use RFC Adapter, rather go ahead and use the proxy.
However, the problem could be that the pre-built meta data and the mapping that SAP delivers might not be useful as the BAPI is wrapped with a PROXY now. But as the proxy is also expected to have the same message interface as that of the BAPI, we might still be able use the pre-defined mapping. This is something that we need to try out and then decide how do I go about this interface.

But for whatever reasons, if you are not getting advantage of the pre-defined integration content, PROXY is the way to go.
Now, if you are dealing with SAP systems < 6.20, we do NOT have choice of PROXY anyway, so go ahead and use a RFC adapter.
Now, as far as the IDOC adapter is concerned I think the choice would be straight forward. Where ever there is a standard IDOC given by SAP (usually mapping also will be delivered for SRM / CRM system integrations), so go ahead and use the same.
The questions that you might be having now is that for a standard object if I have an IDOC as well as a BAPI, which one do I go for. My opinion would be its going to be dependent on the specific scenario that you are trying to develop. We can think of multiple variations of design for this case.
For Exapme

1. Send one IDOC at a time.

2. Club multiple IDOCS and send as a single IDOC.

3. Make one single RFC call, for each business transaction.

4. Avoid making multiple calls to the same BAPI / RFC, rather have a wrapper BAPI and send all the records in one time.

5. Use the PROXY and send all the data in one shot and make single calls to the BAPI from the PROXY on the application system – only if you can use PROXIES.

The biggest advantage of the proxy is that it always by passes the Adapter Engine and will directly interact with the application system and Integration engine – so it will and should give us a better performance.

So, there are the choices that you have while designing a SAP interface, so take a close look at the interface and identify your priorities for the interfaces. The parameteres could be some thing like PERFORMANCE, ERROR LOG, AUDIT LOG, MONITORING OF THE TRANSACTIONS INDIVIDUALLY. Do a comparison of the pros and cons of the choice of adapters that you have for the parameters for the specific interface and then make a call.

Initially, it might look alike – what’s the big deal, its a simple case of sending / receiving data from SAP – especially if you are coming from R/3 world, but bellive me, you have got good chances of landing up in trouble, if you don’t take care of your priorities of the interface.




Ravikumar Allampallam
Business Card
Company: Wipro Technologies
Posted on Aug. 14, 2005 05:25 AM in SAP Process Integration (PI)


[SAP XI] – SSL Certificate installation procedure for SAP J2EE engine 6.30 – steps in visual administrator

8 03 2011

Author: Aniket Tare

Pre-requisite (refer installation guide for detailed procedure of pre-requisites):
1. You have installed the SAP cryptographic libraries as mentioned in the installation guide.
2. The Keystore and SSL services are enabled. 

Following are the steps for installing the SSL certificates in the portal
Start the Visual Administrator. Navigate to the directory given below.
<Installation Drive>\usr\sap\<Instance Name>\JC<Instance Nr>\j2ee\admin\go.bat
1. Login to the Visual Administrator using the Administrator user id and password.
2. Navigate to the ‘Keystorage’ service as shown in the screen below.

3. In the ‘Views’ pane select service_ssl and click the ‘Create’ button to generate a certificate signing request (CSR). Screen as shown below will pop-up. Maintain the entries in the screen below.
4. Give an entry name. Select the store certificate checkbox.
5. Click on ‘Generate’ button.
6. Two entries will be created in ‘Entries’ pane as shown in the screen below.

7. Place the cursor on the private key pair entry in ‘Entries’ pane and click on ‘Generate CSR request’ and save the file with a ‘.csr’ extension. (Note – you will have to type the extension yourself, the visual administrator will not add it to the file). You have created a certificate signing request. The Certification Authority (CA) will be issuing a signed certificate against this .csr file.
8. Now send the .csr file created to the certificate signing authority. The CA will then send you the signed certificate.
9. After receiving the signed certificate change the extension of the file (if not already changed) to ‘.crt’ (different CAs send files with different extensions, please change the extension to .crt).
10. Place the cursor on the private key pair entry and click the Load button and load the signed certificate into the system.

This ends the process if the certificate sent by the CA also contains the intermediate certificate. If that is not the case the intermediate certificate needs to be installed separately as described in two additional steps (11 and 12) below:

11. Download the intermediate certificate from the web site of signing authority (The CA should be able to provide you with the URL for downloading intermediate certificate) and store it as a ‘.crt’ file.
12. Now place the cursor again on the private key pair entry and click the load button. This loads the intermediate certificate into the system.

This completes the procedure of loading the certificates in the system. The entire certificate chain of root certificate, intermediate certificate and client certificate is now installed successfully.

Now we need to configure the SSL service to use this newly installed cetrtificate:

13. Navigate to <Instance name>->Server->Services->SSL Provider.
14. Choose the entry for dispatcher in pane of left hand side.
15. Choose radio-button ‘New sockets’, select entry.
16. Navigate to tab ‘Server identity’.
17. Select ‘Add’ and choose the newly created entry for SSL certificate.
18. Repeat the procedure for ‘Active sockets’.
19. Restart the portal.



How to configure FTPS in File Adapter.
Author: Raja Sekhar Reddy T

The main Moto of this blog was which explains FTP Secure configuration.

FTPS (also known as FTP Secure and FTP-SSL) is an extension to the commonly used File Transport Protocol(FTP) that’s adds support for the Transport Layer Security(TLS) and the Secure Sockets Layer(SSL) cryptographic protocols.

FTPS should not be confused with the SSH File Transfer Protocol (SFTP), an incompatible secure File transfer sub system for the Secure Shell (SSH) protocol. It is also different from the Secure FTP, the practice of tunneling FTP through an SSH Connection.

I am not going to compare FTPS with SFTP, and not going to discuss about SFTP, already blogs available on the same. (http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/12426).

Before configuring Communication channel, we have to deploy the certificates

1) SAP Java Cryptographic Toolkit has to be deployed in J2EE Engine.

2) Public key Certificate (SSL Certificate) which is provided by FTPS Server has to be deployed in J2EE Engine.

3) The CA certificate used to sign the server certificate must be added to the Trusted As key store view in J2EE Engine. (For PI7.1/7.0 no needs to deploy these toolkit and CA certificate. Because those will be already present in the Server itself).

Take basis people help to deploy required certificates in PI J2EE server.

Refer below link for more info



1) Crete communication channel.









2) Select Connection security










FTPS (FTP Using/TLS) for control connection: The FTP control connection is protected using TLS/SSL (Transport Layer Security/Secure Sockets Layer).File transfer is unencrypted.

FTPS (FTP Using SSL/TLS) for Control and Data Connection:

All communication with the FTP server is encrypted and uses TLS/SSL.



3) In Command Order Specifies the sequence of commands used to authenticate and secure the connection. Retain the default setting. Only adjust the sequence of commands to match those expected of the FTP server if you encounter problems with the FTP connection.





AUTH TLS: Defines the authentication mechanism used for the current FTP session.

USER: Sends a User Logon ID to the Server

PASS: Sends a Password to the Server

PBSZ: Defines the largest buffer protection buffer size to be used for application-level encoded data sent or received on the data connection.

PROT : Defines the protection used for FTP data connections.

4) Use X.509 Certificate for Client Authentication, Set this indicator if the adapter, in contrast to the FTP server, is to use X.509 certificate and public-key cryptography to authenticate itself. The corresponding key/certificate pair must previously be saved in a keystore view of the J2EE server.

Give The Details in KeyStore and x.509 Certificate by selecting the help. If we already deployed the Certificates in J2EE Engine, help will be provided and we have to select from that as shown below.

Enter the Keystore and the X.509 Certificate and Private Key. To do this, you can use the input help.

Keystore contains certificates that are used for authentication and encryption.











5) An X.509 client certificate is a digital “identification card” for use in the Internet, also known as a public-key certificate. So public key Certificate has to be selected.










6) Final configuration looks like below.


The FTPS configuration for both sender and receiver communication channels is similar.


[SAP PI] – How to Send Binary Data to RFC from XI(or)PI

18 02 2011

This WIKI Section illustrates a way to post binary data from XI/PI to a custom developed BAPI in R/3 using Base64 encryption method. Also Covers below Topics,

1. How to post binary data to the XI/PI inbound HTTP adapter using java based HTTP client.
2. Base64 Encryption of binary data in message mapping (Java Mapping) in case if the binary message is from Adapter or Proxy e.g., File Adapter.
3. Sample code for ZBAPI and functionality of standard SAP bapi SSFC_BASE64_DECODE.

The idea behind this article is to understand and post binary data (e.g., image files, PDF’s etc…) to a SAP function module such as a ZBAPI.
The problem lies in as we cannot directly embed binary data in XML tags due to different potential parsing problems of the XML parser (http://articles.techrepublic.com.com/5100-10878_11-1050529.html).
The RFC Adapter in XI only supports RFC XML Message Protocol. That is the RFC adapter on the sender side parses the RFC Meta Data to RFC XML
and on the receiver side parses in the

reverse way from RFC XML to RFC Meta Data (http://help.sap.com/saphelp_nw04/helpdata/en/14/80243b4a66ae0ce10000000a11402f/frameset.htm).
In this article I am using the BASE64 encryption/decryption logic to achieve the same.


[SAP PI] – Mapping Enhancements Series: Using Graphical Variable

15 02 2011


Graphical variable is a new feature in the Message Mapping tool of PI 7.1. Among many of the new features, I think this simple feature will probably be one of the most useful, if not the most used new feature in PI 7.1.Graphical varaible will replace a lot of previously development effort for global variables. It makes the development process much easier and brings a lot of clarity on when a “global” value will be calculated.

This blog will go into the details on its advantages and usage.

Using Graphical Variable:

Let’s take a look at the following mapping requirement:

  1. Assign the source’s “record” count value to the “recCount” element of every row in the target.
  2. Concatenate the source’s “lastName” and “firstName” to the target’s “fullName”.


Create 2 graphical variables:

  1. Right-click on the root node (target_MT) and select “Add Variable”.image
  2. Name the variable “varNoOfRec”.image
  3. Create another variable, “varFullName”, for the target’s node “rows”, by right-clicking on “rows” and select “Add Variable”.image

Assign values to the 2 graphical variables:

  1. Double-click on the variable “varNoOfRec” and assign the following mapping.imageThis variable “varNoOfRec” will be executed for each occurence of “target_MT”. In this case, it will be executed only once, since “target_MT” is the root.
  2. Double-click on the variable “varFullName” and assign the following mapping.imageThis variable “varFullName” will be executed for each occurence of “record” in the target.

NOTE: With where the variable is defined, it is clear as to when it will be executed and can be used.

Use the variables in mapping:

  1. Double-click on “recCount” and drag-n-drop (do not double-click) the variable “varNoOfRec” to the mapping area and assign the following mapping.image
  2. Double-click on “fullName” and drag-n-drop (do not double-click) the variable “varFullName” to the mapping area and assign the following mapping.image
  3. Assign something to the target’s “var2”, it is not important what. In this case, I just assigned it the element “data2” from the source. Also, we need to assign “record” to “rows” to complete the mapping.

Verifying the mapping:

Even though the mapping shown here is quite simple, but when there is a complex structure, using variables (especially, when they have to be re-used over-n-over again) can save a lot of development and processing time.Below is the result of the mapping. The graphical variables are not sent to the target structure. The “recCount” value for each row is only calculate once during the mapping, not for every row. The “fullName”, however, is calculated for each row.



William Li SAP Employee Active Contributor Silver: 500-1,499 points
Business Card
Company: SAP Labs
Posted on Feb. 13, 2008 12:42 PM in SAP Process Integration (PI)

URL: https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/8650

[SAP PI] – Configure CTS on SAP PI 7.1

11 02 2011

RFC Destination J2EE -> Abap

RFC Destination J2EE -> Abap



Refer to this document:  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/20ccd0ec-2839-2b10-0097-828fcd8ed809?QuickLink=index&overridelayout=true


[SAP PI] – Customize Idoc Source Message with XSLT Mapping into File

10 02 2011

In SDN Forum, i’ve found this question:

Hi Experts,

In one of the threads here i came across a statement on the advantages of the XSLT mapping over other mappings which says

‘File content conversion at receiver side can be avoided in case of text or html output’.

I have a Idoc to FIle scenario wherein I am currently using a combination of message mappping and a FCC at the recvr adapter.

Can i use XSLT mapping instead of the combination currently in use stated above? Also the file format expected is plain text format.

I believe the XSLT mapping would generate a file with XML tags which is what i do not want. Please advise.

However, i would like this to be explained with an example to make it more clear

Source Idoc:
<parent 1>
<child 1>ABCD</child 1>
<child 2>123</child 2>
<child 3 >@#$</child 3>
</parent 1>

Target file:
000ABCD123 00@#$

Can you suggest the mapping i would need to employ for this?



This, can be the answer:

<xsl:stylesheet version=”1.0″ xmlns:xsl=”http://www.w3.org/1999/XSL/Transform”>

<xsl:template match=”/”>

<xsl:for-each select=”parent 1″>

<td><xsl:value-of select=”child 1″/><xsl:value-of select=”child 2″/><xsl:value-of select=”child 3″/></td>



[SAP PI] – Customize Message with XSLT Mapping

26 01 2011

Hi guys,

This is an example for XSLT mapping, to customize processing message, inserting Authentication Header in SoapMessage:

<xsl:stylesheet version=”1.0″ xmlns:xsl=”http://www.w3.org/1999/XSL/Transform”&gt;

<xsl:template match=”/”>

<soap:Envelope xmlns:soap=”http://schemas.xmlsoap.org/soap/envelope/&#8221; xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance&#8221; xmlns:xsd=”http://www.w3.org/2001/XMLSchema”&gt;


<ServiceAuthHeader  xmlns=”http://test.webservice.it/”&gt;






<xsl:copy-of select=”*”/>







This mapping, product a message like:

<soapenv: envelope….>

<soapenv: header>


<user name…>


…etc> >


</soapenv: header>

<soapenv: body>







This message mapping (xslt file), can be putted into MessageMapping Interface.