HTTP Client Adapter

The HTTP Client adapter sends HTTP requests to trading partners by using a perimeter server. The HTTP Client adapter replaces the B2B HTTP Client adapter and the HTTP Send adapter.

The following table provides an overview of the HTTP Client adapter:

System name	HTTP Client Adapter
Graphical Process Modeler (GPM) category	None
Description	Sends HTTP requests to trading partners using a Perimeter server. The HTTP Client adapter replaces the B2B HTTP Client adapter and the HTTP Send adapter, which is being retired. The HTTP Client adapter and its related services provide all the functionality of the former two adapters plus the following enhancements: Use Perimeter services Highly scalable (>150 concurrent transfers) Supports large files up to 2 GB Supports HTTP 1.1
Business usage	Use this adapter to send documents to a trading partner using HTTP.
Usage example	The Sterling B2B Integrator business process must send a message to a trading partner and the trading partner's profile specifies HTTP as the transport protocol. The business process passes the document as well as information about the trading partner to the HTTP Client adapter. Using the information provided in the business process, the HTTP Client adapter connects to the trading partner and transfers the document, enforcing any security specifications from the business process.
Preconfigured?	No
Requires third-party files?	No
Platform availability	All supported Sterling B2B Integrator platforms
Related services	Related services: HTTP Client Begin Session Service HTTP Client End Session Service HTTP Client GET Service HTTP Client Method Service HTTP Client POST Service
Application requirements	An HTTP server is required at the external trading partner location. When this adapter is configured with a non-local-mode Perimeter server, the Perimeter server must be installed and running. This Perimeter server is typically installed in a DMZ environment, separated from Sterling B2B Integrator by a firewall.
Initiates business processes?	No
Invocation	The HTTP Client adapter is invoked from one of the HTTP Client services used within a business process.
Business process context considerations	Business processes using HTTP client services should not be marked as Auto Resume. These services require an established session which will no longer exist after a restart.
Returned status values	Returned status values: 100s – Informational parameters and more status parameters will follow. 200s – Request was OK. 300s – Request failed and more status codes will follow. 400s – Client Request Failed. This is a client error. 500s – Server failed to handle a valid request. This is a server error. Note: For information on setting the SOAP fault status to return 500 HTTP error status, see SOAP Outbound service.
Restrictions	All work bound within an HTTP Client Begin Session service and an HTTP Client End Session service must be within the same business process.
Persistence level	N/A
Testing considerations	To test this adapter, run the HTTPClientDemoAllServices business process and verify that it completes successfully. For more information about the HTTPClientDemoAllServices business process, see the Business Process Example. Debug information related to this adapter can be found in the HTTP Client Adapter and Services log.

Implementing the HTTP Client Adapter

To implement the HTTP Client adapter, complete the following tasks:

Create an HTTP Client adapter configuration. For information, see Managing Services and Adapters.
Configure the HTTP Client adapter. For information, see Configuring the HTTP Client Adapter.

Configuring the HTTP Client Adapter

To configure the HTTP Client adapter, you must specify field settings in Sterling B2B Integrator:

Field	Description
Name	Unique and meaningful name for the adapter configuration. Required.
Description	Meaningful description for the adapter configuration, for reference purposes. Required.
Select a Group	Select one of the options: None – You do not want to include this configuration in a group at this time. Create New Group – You can enter a name for a new group in this field, which will then be created along with this configuration. Select Group – If you have already created one or more groups for this adapter type, they are displayed in the list. Select a group from the list. Note: For more information about groups, see Managing Services and Adapters.
Perimeter Server Name	List of Perimeter servers, including local-mode Perimeter servers. Required.
Local port range	Ranges or lists of local ports to restrict the adapter to. For example, 123-456 or 123,124,999.
Global Proxy Server	Available Global Proxy Servers. Select a global proxy server to enable all adapters to share a common proxy configuration. You can configure changes to all the proxy servers globally instead of modifying each adapter instance. For additional information on global proxy server, see Global Proxy Server Setting. Note: If you have enabled both Use proxy server and Global Proxy Server parameters with specific proxy settings, the value entered for the Use proxy server parameter overrides the setting in the Global Proxy Server.
Number of connection retries	Number of times the HTTP Client adapter will try to connect to the server. Required. Valid value is any integer between 0 and 50. Default is 3.
Delay between retries (second)	Number of seconds the HTTP Client adapter will wait between retry attempts. Required. Valid value is any integer between 1 and 7200. Default is 20.
Response timeout (second)	Number of seconds it should take for the server to respond. Required. Valid value is any integer between 1 and 999999. Default is 60.
Use proxy server	Indicates whether to use an HTTP proxy server. Required. Valid values: Yes – A proxy server will be used No – No proxy server will be used
Enable SNI	Indicates whether to use Server Name Indication (SNI) feature or not. Required. Valid values are `No` or `Yes`. The default value is `No`.
Proxy hostname	IP address or host name of the proxy server to use. Required if Use proxy server is set to Yes. This parameter can be overridden by a Trading Partner profile setting.
Proxy port	Port number of the proxy server. Required if Use proxy server is set to Yes. This parameter can be overridden by a Trading Partner profile setting.
Proxy retry attempts	Number of times the HTTP Client adapter will try to connect to the proxy server. Required if Use proxy server is set to Yes. Valid values: any integer between 0 and 50. Default is 3. This parameter can be overridden by a Trading Partner profile setting.
Use Proxy Basic Authentication	Whether the proxy server requires basic authentication. Required if Use proxy server is set to Yes. Valid values: Yes – Proxy basic authentication will be used No – Proxy basic authentication will not be used
Proxy username	User name to use with the proxy server. Required if Use Proxy Basic Authentication is set to Yes.
Proxy password	Password for the Proxy username. Required if User Proxy Basic Authentication is set to Yes.

Business Process Example

The following example business process illustrates the use of the HTTP Client services, which work through the HTTP Client adapter:

The associated BPML code is shown below:

 <process name="HTTPClientDemoAllServices">
  <sequence>
    <!-- Get obscured password -->
    <operation name="Obscure Password">
      <participant name="HTTPClientObscureParameter"/>
      <output message="outmsg">
        <assign to="." from="*"></assign>
      </output>
      <input message="inmsg">
        <assign to="HTTPClientObscureResults" from="*"></assign>
      </input>
    </operation>
     <!-- HTTP Client Begin Session service-->
     <!-- Create connection to specified host and port -->
    <operation name="HTTP Client Begin Session Service">
      <participant name="HTTPClientBeginSession"/>
      <output message="HTTPClientBeginSessionServiceTypeInputMessage">
        <assign to="HTTPClientAdapter">HTTPClientAdapter</assign>
        <assign to="RemoteHost">httpserver</assign>
        <assign to="RemotePort">12345</assign>
        <!-- If server requires Basic authentication -->
        <assign to="RemoteUserId">userid</assign>
        <assign to="RemotePasswd"  from="HTTPClientObscureResults/admin/text()"></assign> 
            RemoteUserId and RemotePasswd are not needed if using a 
            trading partner profile. The profile will supply this information.
        <!-- To use a Trading Partner profile -->
        <assign to="ProfileId">someExistingProfileId</assign>
        <!-- To override HTTPClientAdapter configuration settings -->
        <assign to="ConnectionRetries">10</assign>
        <assign to="RetryDelay">1</assign>
         <!-- If server requires SSL authentication -->
        <assign to="SSL">Must</assign>
        <assign to="CipherStrength">Strong</assign>
        <assign to="CACertificateId">SomeHttp-Id</assign>
        <assign to="SystemCertificateId">httpsampleclientcert1-Id</assign>
        <assign to="." from="*"></assign>
      </output>
      <input message="inmsg">
        <assign to="HTTPClientBeginSessionServiceResults" from="*"></assign>
      </input> 
</operation>
     <!-- HTTP Client Method Service -->
    <operation name="HTTP Client Method Service">
      <participant name="HTTPClientMethod"/>
      <output message="HTTPClientMethodServiceTypeInputMessage">
        <assign to="SessionToken"  from="HTTPClientBeginSessionServiceResults/
             SessionToken/text()"></assign>
        <assign to="MethodType">HEAD</assign>
        <assign to="URI">/hello</assign>
        <assign to="RawResponse">true</assign>
        <assign to="." from="*"></assign>
      </output>
      <input message="inmsg">
        <assign to="HTTPClientMethodServiceResults" from="*" append="true"/>
      </input>
    </operation>
    <!-- HTTP Client POST Service -->
    <operation name="HTTP Client Post Service">
      <participant name="HTTPClientPost"/>
      <output message="HTTPClientPostServiceTypeInputMessage">
        <assign to="SessionToken" from="HTTPClientBeginSessionServiceResults/
             SessionToken/text()"></assign>
        <assign to="URI">/hello</assign>
        <assign to="RawResponse">false</assign>
        <assign to="." from="*"></assign>
      </output>
      <input message="inmsg">
        <assign to="HTTPClientPostServiceResults" from="*" append="true"/>
      </input>
    </operation>
    <!-- HTTP Client GET Service -->
    <operation name="HTTP Client Get Service">
      <participant name="HTTPClientGet"/>
      <output message="HTTPClientGetServiceTypeInputMessage">
        <assign to="SessionToken"  from="HTTPClientBeginSessionServiceResults/
               SessionToken/text()"></assign>
        <assign to="URI">/someURI/</assign>
        <assign to="ResponseTimeout">120</assign>
        <assign to="." from="*"></assign>
      </output>
      <input message="inmsg">
        <assign to="HTTPClientGetServiceResults" from="*" append="true"/>
      </input>
    </operation>
     <!-- HTTP Client End Session Service -->
     <!-- Ends session specified by SessionToken -->
    <operation name="HTTP Client End Session Service">
      <participant name="HTTPClientEndSession"/>
      <output message="HTTPClientEndSessionServiceTypeInputMessage">
        <assign to="SessionToken" from="HTTPClientBeginSessionServiceResults/
               SessionToken/text()"></assign>
        <assign to="." from="*"></assign>
      </output>
      <input message="inmsg">
        <assign to="HTTPClientEndSessionServiceResults" from="*" append="true"/>
      </input>
    </operation>
  <!-- Provides error handling -->
  <onFault>
    <sequence name="End Session">
    <operation name="HTTP Client End Session Service">
      <participant name="HTTPClientEndSession"/>
      <output message="HTTPClientEndSessionServiceTypeInputMessage">
        <assign to="SessionToken"  from="HTTPClientBeginSessionServiceResults/
               SessionToken/text()"></assign>
        <assign to="." from="*"></assign>
      </output>
      <input message="inmsg">
        <assign to="HTTPClientEndSessionServiceResults" from="*"></assign>
      </input>
    </operation>
    </sequence>
   </onFault>
  </sequence> 
</process>

Configuring Server Name Indication in HTTP Client Adapter

Server Name Indication (SNI) is an extension for the TLS protocol (formerly known as the SSL protocol), which is used in HTTPS. It is included in the TLS handshake process in order to ensure that client devices are able to see the correct TLS certificate for the website they are trying to reach. The extension makes it possible to specify the hostname or domain name of the website during the TLS handshake, instead when the HTTP connection opens after the handshake. SNI is added as an extension to TLS in 2003; it was not originally a part of the protocol.

Consider the following scenario:

There are multiple websites hosted on one server and share a single IP address. Each website has its own TLS certificate and the server may not know which TLS certificate to show when a client device tries to securely connect to one of the websites. This is because the TLS handshake occurs before the client device indicates over HTTP which website it is connecting to.

SNI is designed to solve this problem. It prevents what is known as a "common name mismatch error" - a client (user) device reaches the right IP address for a website, but the name on the TLS certificate does not match the name of the website. Often this kind of error results in a "Your connection is not private" error message in the user's browser.

Example:

SNI makes it possible for a user device to open a secure connection with https://www.example.com even if that website is hosted in the same place (same IP address) as https://www.something.com, https://www.another-website.com, and https://www.example.io.

Sterling B2B Integrator uses HTTP Client Adapter to send HTTP requests to a trading partner using a Perimeter Server. The business process sends a message to a trading partner and the profile of the trading partner profile specifies HTTP as the transport protocol. The business process passes the document as well as information about the trading partner to the HTTP Client adapter. Using the information provided in the business process, the HTTP Client Adapter connects to the trading partner and transfers the document, enforcing any security specifications from the business process.

The HTTP Client Adapter makes use of the following HTTP client services to send documents to the trading partner.

HttpClientBeginSessionService
HttpClientPostService
HttpClientEndService

SNI Usage

The HTTP client services must be able to connect any SNI-enabled server and pass servername/hostname as TLS parameters to the SSLEngine. You must have control over sending the SNI headers, if required you must be able to stop sending SNI headers.

In the example shown below, the hostname set in the RemoteHost parameter is used as a Server Name Indicator (SNI Header) by SSLEngine to connect. During the TLS handshake process, the server must produce the appropriate certificate for the requested hostname. For SNI, usage of IP addresses instead of hostname is discouraged as it becomes difficult for the server to determine which HTTPS endpoint the client wants to connect, since there can be multiple hostings on the same IP address.


<operation name="HTTP Client Begin Session Service">
<participant name="HTTPClientBeginSession"/>
<output message="HTTPClientBeginSessionServiceTypeInputMessage">
<assign to="." from="*"></assign>
<assign to="RemoteHost">verisign.co.uk</assign>
<assign to="HTTPClientAdapter">HttpClientAdapter </assign>
<assign to="CACertificateId">214267176d33e4732node1</assign>
<assign to="SSL">Must</assign>
<assign to="RemotePort">443</assign>
<assign to="CipherStrength">all</assign>
</output>
<input message="inmsg">
<assign to="." from="*"></assign>
</input>
</operation>

Important: This is regarding passing the IP address for the remote host when SNI (Server Name Indication) is enabled.

The HTTPS Server is SNI-enabled and has two or more domain names configured with same port and IP address and the HTTP Client is SNI-enabled. In this case, when you pass the IP address instead of the domain name in the business process, you may or may not get the appropriate results. The behavior is at the discretion of configuration that exists on the HTTP Server.

The HTTP Client Adapter completely controls the SNI headers. By default, the "Enable SNI" flag is set to false, You can set this flag value to true, if you wish to start using SNI, or create a copy of the HTTP Client Adapter and use it in the business process.

In case the same adapter is used in two different business processes and one of the business process requires SNI enabled/disabled, then the HTTP Client Adapter level setting can be overridden in the business process by adding the following parameter in the above business process. (SNI value can be set to Yes or No depending on the requirement.)

<assign to="SNI">No</assign>

Note: Overriding the HTTP Client Adapter level SNI setting is not applicable for AS2 communication, as the out-of-the-box AS2 business processes cannot be modified to add or edit any parameter. You can select the appropriate (SNI enabled/disabled) HTTP Client Adapter from the drop down list on the AS2 Configuration screen.

Important: You can now setup host aliases for the HTTP server virtual host inside application pods using Helm configuration for Certified Container deployments, if required. This adds entries to pod's/etc/hosts file for pod level overrides of hostname resolution. For more information, see Configuring the Certified Container.