AS2
You can send and receive AS2 messages via HTTP over TCP/IP. This section describes AS2, its installation, its specific settings and the available test options. Other EDI tools have their own specific settings that are not described here. Please note that our AS2 service is certified by Drummond.
Basic procedure
Applicability Statement 2 (AS2) is a standard for securely and reliably transporting data over the Internet via HTTP or HTTPS. AS2 specifies how two communication partners connect and how messages are sent, validated, and confirmed. AS2 creates an envelope for a message, which is then securely sent.
Digital signatures allow the integrity and the authorship of a message to be checked, and the data can be protected by encryption. The sender may, but does not have to, request a Message Disposition Notification (MDN) confirming that everything went well. The MDN additionally contains information about successful decryption and signature validation.
A characteristic difference to other transmission standards is that the user does not depend on technical protocols to prove a successful transmission, since the proof exists in the form of a message itself (the MDN). Another advantage of the standard is that there are no additional costs for the transmission and that it is very fast and reliable. On the other hand, you might (but do not necessarily) have to invest in a certificate. Note: To view MDNs in the Control Center, the communication must have been carried out via a partner channel.
AS2 can be seen as a replacement for X.400. We can support you with migrating from X.400 to AS2. Please contact our support or sales staff.
AS2 installation
After the installation, all the necessary components are available, but make sure that you have licenced the AS2 service and have activated (uncommented) the relevant section in the configuration file ./etc/factory.xml.
<Call name="addService">
    <Arg>com.ebd.hub.services.as2.As2Service</Arg>
    <Arg>etc/as2.xml</Arg>
</Call>
The configuration file ./etc/as2.xml already contains a segment that uses the HTTP server "Main Server". This HTTP server is a prerequisite for the operation of the AS2 service and is started automatically together with the Integration Server. The relevant segment of configuration file ./etc/as2.xml follows.
<Call name="setContext">
    <Arg>Main Server</Arg>
    <Arg>/partner/*</Arg>
    <Arg>/AS2Retrieve/*</Arg>
</Call>
The context of the HTTP server to be used is already specified in this file with /partner/* and /AS2Retrieve/*. By using wildcards, it is possible that additional subpaths are added.
This setting allows you (or your communication partner) to access the AS2 service under the following address.
http://<URL or IP of Integration Server>/partner/AS2Retrieve/
The entries in the configuration file can be extended as required. If you want to add another HTTP server, see the Admin Console documentation for more information.
If you want to use a DMZ server, no additional installation is required for the AS2 service on the DMZ server. In this case, the firewall of the DMZ server must only be configured to automatically forward requests from a specific partner to a particular IP and port number of the previously described internal HTTP server.
The above-shown URL is correct for a standard installation. If you are not sure about the ports (the standard port is 80 and does not have to be specified in the address), you will find them in the following entry under menu item HTTP/Info in the Admin Console.
HttpServer Main Server [Start]
Listeners:
SocketListener1@0.0.0.0:8080 [Stop]
SunJsseListener2@0.0.0.0:443 [Stop]
This results in the following URLs.
http://<URL or IP of Integration Server>:8080/partner/AS2Retrieve
https://<URL or IP of Integration Server>:443/partner/AS2Retrieve
Testing the availability of the AS2 service
The simplest way to test the AS2 service is by using your browser. Type in the following address.
http://<URL or IP of Integration Server>/partner/AS2Retrieve/
A correctly configured AS2 service replies with an MDN (file). Please save that file and open it in a regular text editor. The content should be similar to the following.
------=_Part_0_24916054.1236247212828
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
MDN for -
Message-ID: null
From: null
To: null
Received on: n.a.
Status: failed: authentication-failure
Comment: This is not a guarantee that the message has
been completely processed or understood by the receiving
translator
------=_Part_0_24916054.1236247212828
Content-Type: message/disposition-notification
Content-Transfer-Encoding: 7bit
Reporting-UA: Lobster AS2-Server (IS/5.7.19_14147)
Original-Recipient: rfc822; null
Final-Recipient: rfc822; null
Original-Message-ID: null
Received-Content-MIC: 2jmj7l5rSw0yVb/vlWAYkK/YBwk=, sha1
Disposition: automatic-action/MDN-sent-automatically; failed: authentication-failure
Failure: You're unknown to this system
------=_Part_0_24916054.1236247212828--
If you get such a response, the AS2 service is reachable and ready to use (you can ignore the authentication error in the MDN since we were only interested in the reachability).
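The browser test above can be scripted. The following Python script is an added example and not part of the Lobster product: it parses the multipart MDN body shown above (embedded here as a constructed sample with the blank lines between headers and body restored) and treats the specific answer "failed: authentication-failure" as proof that the AS2 service is answering on the URL, exactly as the text describes. The function check_as2_url and its URL argument are this example's own; the service emits no other output than the MDN shown.

```python
import re
import urllib.error
import urllib.request

# Constructed sample: the MDN body the AS2 service returns for a plain browser
# GET, copied from the documentation's example above (blank lines restored).
SAMPLE_MDN = """\
------=_Part_0_24916054.1236247212828
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

MDN for -
Message-ID: null
From: null
To: null
Received on: n.a.
Status: failed: authentication-failure
Comment: This is not a guarantee that the message has
been completely processed or understood by the receiving
translator
------=_Part_0_24916054.1236247212828
Content-Type: message/disposition-notification
Content-Transfer-Encoding: 7bit

Reporting-UA: Lobster AS2-Server (IS/5.7.19_14147)
Original-Recipient: rfc822; null
Final-Recipient: rfc822; null
Original-Message-ID: null
Received-Content-MIC: 2jmj7l5rSw0yVb/vlWAYkK/YBwk=, sha1
Disposition: automatic-action/MDN-sent-automatically; failed: authentication-failure
Failure: You're unknown to this system
------=_Part_0_24916054.1236247212828--
"""

HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")


def parse_mdn(raw: str) -> dict:
    """Return the header fields of the message/disposition-notification part.

    The service answers with the bare multipart body, so the boundary is the
    first line. Parts are split on it and the disposition part is scanned for
    'Name: value' lines; the closing boundary (trailing '--') is ignored.
    """
    lines = raw.strip().splitlines()
    if not lines or not lines[0].startswith("--"):
        raise ValueError("response is not a multipart MDN body")
    boundary = lines[0].strip()
    for part in raw.split(boundary):
        if "message/disposition-notification" not in part:
            continue
        fields = {}
        for line in part.splitlines():
            m = HEADER_RE.match(line)
            if m:
                fields[m.group(1)] = m.group(2).strip()
        return fields
    raise ValueError("no message/disposition-notification part in MDN")


def mdn_status(fields: dict) -> str:
    """Extract the status from 'Disposition: <action-mode>; <status>'."""
    _, _, status = fields.get("Disposition", "").partition(";")
    return status.strip()


def service_reachable(body: str) -> bool:
    """A browser GET carries no AS2 headers, so the expected answer is an MDN
    with 'failed: authentication-failure'. Exactly that failure proves the
    AS2 service is up and answering on this URL; anything else is not."""
    try:
        return mdn_status(parse_mdn(body)).startswith("failed: authentication-failure")
    except ValueError:
        return False


def check_as2_url(url: str, timeout: float = 10.0) -> dict:
    """Fetch the AS2 URL (e.g. http://host:8080/partner/AS2Retrieve/) and
    evaluate the response. Needs network access; the offline sample above
    is what the tests use."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        body = err.read().decode("utf-8", errors="replace")  # MDN may come with a non-200 status
    fields = parse_mdn(body) if service_reachable(body) else {}
    return {
        "url": url,
        "reachable": bool(fields),
        "reporting_ua": fields.get("Reporting-UA"),
        "status": mdn_status(fields) if fields else None,
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(check_as2_url(sys.argv[1]))
    else:
        print("sample MDN indicates reachable service:", service_reachable(SAMPLE_MDN))
```

Run it with the AS2 URL as its single argument; without an argument it evaluates the embedded sample. A plain HTML error page or an empty reply is reported as not reachable, which distinguishes a misconfigured context path from a working service.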
Different port
If the default HTTP port (80) is not used, you can determine the correct one as follows. The configuration file ./etc/as2.xml contains the following entry.
<Call name="setContext">
    <Arg>Main Server</Arg>
    <Arg>/partner/*</Arg>
    <Arg>/AS2Retrieve/*</Arg>
</Call>
You can use the name of the HTTP server (here Main Server) in the Admin Console to find the ports of the listeners.
Based on that information, the URLs might then, for example, be
http://<host>:8080/partner/AS2Retrieve
https://<host>:8443/partner/AS2Retrieve
Parameter exchange with partner
The communication with AS2 requires several parameters that have to be exchanged between the communication partners. The following is a list of these parameters (you have to send one list to your partner and your partner has to send one to you). Please communicate with your partner and exchange the necessary parameters before you try to establish a connection.
Parameter | Description | Optional/Mandatory
AS2 Identifier | The ID you use for your AS2 partner on your system (like a user name/login for your partner). It is recommended to use your company name plus a prefix, e.g. AS2_EXAMPLECOMPANY. | M
AS2 Address URL | This is the URL of your AS2 service. The standard URL of the AS2 service is http://<URL/IP of Integration Server>/partner/AS2Retrieve/ (as configured in ./etc/as2.xml). | M
Connection IP Address | The IP address of your AS2 service (has to be unblocked on your firewall). | M
Connection Port | The port of your AS2 service (has to be unblocked on your firewall). | M
Outgoing IP | The IP from which you send AS2 messages (has to be unblocked on your partner's(!) firewall). Note: You have to use the IP of your DMZ if you are using one. | M
Certificate | You might choose to provide a URL for your partner to download certificates, but you can also exchange them otherwise. The use of certificates is optional. | O
Encryption Algorithm | Encryption algorithm for the messages. | O
Signing Algorithm | Algorithm used for the signatures. | O
Content Type | Some partners require a certain content type (set in the Response). We do not need a content type. | O
MDN Delivery Mode | MDNs can be sent synchronously or asynchronously. If the synchronous mode is chosen, the MDN is expected as an immediate response to the AS2 message (same URL). In asynchronous mode, the MDN is sent to a separately specified URL (at some point in time). Note: Both sides have to use the same mode. | O
MDN URL Async Mode | The URL to which an MDN shall be sent if the asynchronous mode is used, e.g. http://example.com/as2 |
Sending and receiving
Creating AS2 partner channel
To send or receive data via AS2, you need to create a communication partner in the Partner Administration.
The AS2 partner channel shown in the screenshot above allows you to send and receive data (1). Your URL will be the one configured in file ./etc/as2.xml, as mentioned earlier (http://<URL/IP of Integration Server>/partner/AS2Retrieve/).
The AS2 identifiers (2) and (3) are mandatory, no matter whether you only want to send or only want to receive data.
Partner Administration parameter (4) refers to parameter AS2 Address URL in section "Parameter Exchange with Partner". Enter the AS2 URL of your partner in this field.
Certificates can be selected in (5). Checkboxes Send signed, Receive signed, Send encrypted, and Receive encrypted (6) allow you to activate the optional use of signatures and encryption on both sides (incoming and outgoing). The signature and encryption algorithms can be chosen from the drop-down menus Signature algorithm and Encryption (7). The two fields with label MDN Type and MDN URL (8) allow you to set whether an MDN should be sent synchronously or asynchronously by the partner. If asynchronously is chosen, the MDN has to be sent to the specified URL at some point after the data transmission. If synchronously is chosen, the transmission of the MDN is expected as a direct response to the data transmission.
If no settings are made in the field MDN Type and MDN URL, the system settings are taken from the configuration file ./etc/as2.xml. The default setting is synchronous. The default URL in the asynchronous mode is set in file ./etc/as2.xml.
<!-- Set your valid URL here to enable asynchronous sending (like http://<server>/partner/AS2Retrieve) -->
<!-- Set name="defaultMDNAsynchronousURL" -->
Sending data via AS2
The screenshot shows a Response "AS2" with the chosen partner channel "AS2ExamplePartner". All the other parameters can be set as in any other Response. If you want to use a URL different from the one set in the partner channel, simply use the field URL to override that setting for this Response. Parameter field "File" sets the filename.
Receiving data via AS2
Create an Input Agent of type "AS2" and push your communication partner to the right.
The field "File pattern" is an optional parameter that cannot be transmitted by all AS2 systems. The standard setting allows you to receive data with and without filenames.
AS2 service with DMZ
There are two options to configure your AS2 service. The first one is an HTTP forwarding from the DMZ server to the internal server, i.e. without an AS2 service on the DMZ server. The second possibility is the one known for the FTP service. The data will in most cases be sent from the internal system.
Forwarding from the DMZ server
This will make sure that your communication partner gets a direct response if the internal system is not available. If you choose that option, make sure to open the HTTP port (default is 80) between the DMZ server and the internal server.
The following entries have to be added in file ./etc/forward.properties on your DMZ server.
/partner/AS2Retrieve=http://internerserver/partner/AS2Retrieve
/partner/AS2Retrieve/*=http://internerserver/partner/AS2Retrieve
Send AS2 messages via dynamically assigned alternative DMZ
See section Sending via dynamically assigned alternative DMZ.
Checklist for AS2 operation
Running Lobster installation.
Java(TM) Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.
A permanent internet connection when data is to be received.
Licenced AS2 service (add-on module). Please contact our support or sales staff.
AS2 parameters have been exchanged between the communication partners.
AS2 partner created and configured in the Partner Administration. If certificates are used, they have to be imported for the respective partner.
Profile for AS2 processing was created using the configured channels.