Scenario: Receiving an AS2 inbound request
An exchange profile defines how messages are exchanged with a trading partner, and how those messages are processed internally. You can exchange data and messages synchronously or asynchronously with your trading partner using the AS2 protocol based on the requirements and agreement.
- Synchronous inbound exchange - Your organization (owner organization A) receives a product promotion update from a trading partner (organization B). Assuming that your organization has agreed upon a synchronous exchange, B2B Advanced Communications sends a synchronous (on the same HTTP or HTTPS connection) message disposition notification (MDN) to the trading partner (organization B).
- Asynchronous inbound exchange - Your organization (owner organization A) receives a large message with security enabled from a trading partner (organization B). Because processing a large message with security enabled takes some time, you might have agreed upon an asynchronous exchange (MDN). Asynchronous exchanges are also used when the HTTP or HTTPS adapters or proxy servers have a definite timeout configured.
Configuration requirements
Configuration | Requirement |
---|---|
Security policy | Security policies establish guidelines to govern and ensure secure partner communications. B2B Advanced Communications security policies define the most fortified transport security options, integrity options, nonrepudiation options, and confidentiality options. You can configure a security policy based on the agreement with your trading partner. For more information about configuring a security policy, see Adding an AS2 security policy. |
Organizations | You must configure partner organizations that are participating in the exchange. For information about configuring partner organizations, see Creating an organization. |
Organization credentials | If basic HTTP authentication is enabled in the security policy, organization credentials are required to authenticate a trading partner. When configuring connection settings for the inbound request, you must select appropriate organization credentials. For information about configuring organization credentials, see Adding organization credentials. |
Message queues | A message queue is required to configure a messaging receiver and messaging destination. A message queue must be configured by a System Administrator. For information about configuring a message queue, see Configuring a message queue. |
Trading partner certificates | If HTTPS client authentication, signed messages, and encrypted messages are enabled in the security policy, you must add a trading partner certificate to your system. The certificate (or one certificate for each usage) is looked up during HTTPS authentication and processing of the inbound message. For information about adding trading partner certificates, see Adding a trading partner digital certificate. |
Owner organization certificates | If signed MDN is enabled in the security policy, the private/public key pairs and CA certificates must be added to B2B Advanced Communications and the public key must be shared with the trading partner. For information about adding CA certificates, see Adding a CA digital certificate. For information about adding private/public key pairs, see Adding a private and public key pair digital certificate. |
Messaging destination | Two messaging destinations are used in an AS2 inbound flow. One messaging destination is associated with the AS2 receiver and another one is specified when configuring the exchange profile. For information about configuring a messaging destination, see Configuring a messaging destination. After receiving the message, the AS2 receiver sends the message to the messaging destination that is specified in the AS2 receiver configuration. A messaging receiver configured with the message queue (which is also associated with the messaging destination) picks the message and sends it to the AS2 engine for further processing. |
Messaging receiver | You must configure a messaging receiver from which the received message is picked up and sent to the AS2 engine for processing. For information about configuring a messaging receiver, see Configuring a messaging receiver. Note: The messaging destination and the messaging receiver must be associated with the same message queue. |
Asynchronous MDN destination | Configure a destination to send the MDN. Note: Currently, configuring an MDN destination is mandatory for both synchronous and asynchronous exchanges. The message headers determine whether a message is synchronous or asynchronous. If a message contains the header Disposition-Notification-To with a value specified for the header, an MDN is required. If a message contains the header Receipt-Delivery-Option with a return URL specified for it, the message requires an asynchronous MDN. If a return URL is not present in the Receipt-Delivery-Option, then the message requires a synchronous MDN. For information about configuring an MDN destination, see Configuring an MDN destination. |
HTTP or HTTPS server | An HTTP or HTTPS server is an endpoint that is associated with an AS2 or AS4 receiver. For information about configuring an HTTP or HTTPS server, see Configuring an HTTP server or Configuring an HTTPS server. |
Thread pool | A thread pool is a collection of threads. A thread pool manages the threads in the pool to process the tasks. To handle large files or a large volume of files, you can have a thread pool with a larger number of threads and associate the thread pool with the HTTPS destination. For information about configuring a thread pool, see Configuring a thread pool. |
Retry policy | You must configure an appropriate retry policy and associate it with the HTTP or HTTPS destination. The retry settings that are specified in the retry policy are used when an HTTP or HTTPS destination is not available (down) during the transmission. For information about configuring a retry policy, see Configuring a retry policy. |
AS2 receiver | You must configure an AS2 receiver to receive the inbound request. For information about configuring an AS2 receiver, see Configuring an AS2 receiver. |
Storage settings | You must configure appropriate storage settings, including data retention and divulge information. For information about configuring storage, see Configuring storage. |
User permission | Requirement |
---|---|
User with Master Account Administrator permissions | To create or configure the following components: |
User with System Administrator permissions | To create message queues and thread pools. |
Creating a sample AS2 inbound exchange profile
- Message queues
- Thread pools
- Retry policy
- Security policy - inbound_securitypolicy
- Messaging destination - inbound_msgdest
- Messaging receiver - inbound_msgrcvr
- HTTPS server - inbound_httpsserver
- AS2 receiver - inbound_as2receiver
- Participating organizations - Organization A and Organization B
- Organization credentials - inbound_user and associated with Organization A (the owner organization)
- Certificate alias of Organization A - OrganizatoinAcertalias (usage - Signed MDN)
- Certificate alias of Organization B - OrganizationBcertalias (usage - HTTPS client authentication and message signing/signature verification, and message encryption)
- Log in to B2B Advanced Communications with Master Account Permissions.
- Click Exchanges > Exchange Profiles.
- On the Exchange Profiles page, click New and select AS2 Inbound.
- On the New Exchange Profile dialog box, specify values for the following fields and click Save.
  Field | Description |
  ---|---|
  Profile name | Type inbound_as2exchangeprofile as the profile name. |
  Exchange pattern | Select AS2 Inbound. |
- Click Participating Organizations to specify the participating organizations.
  Field | Description |
  ---|---|
  Owner Organization | Click Select and select Organization A. In an AS2 inbound exchange, the owner organization is the receiver. |
  Receiver ID | Select a mutually agreed on ID for your organization. |
  Trading Partner Organization | Click Select and select Organization B. In an AS2 inbound exchange, the trading partner organization is the sender. |
  Sender ID | Select a mutually agreed on ID for the trading partner organization. |
- Click Trigger: Receive AS2 Messages from Trading Partners and specify the trigger and security settings for the inbound request.
  Field | Description |
  ---|---|
  Receiver | Click Select and select inbound_as2receiver to receive the inbound AS2 message. |
  Configure connection | Click Configure and specify the sender ID, receiver ID, and asynchronous MDN destination. |
  Security Policy | Click Select and select inbound_securitypolicy. |
  Configure security | Click Configure and specify the security settings. The security options (transport layer security, integrity and nonrepudiation, and confidentiality) are displayed based on the security policy settings. |
- Click Action: Deliver Message Data and specify the action for the inbound message.
  Field | Description |
  ---|---|
  Select Destination | Click Select and select inbound_msgdest. After the AS2 message is processed, the payload, attachments, and the business document object are sent to the messaging destination specified here. |
- In the Deploy Exchange Profile section, click Deploy to deploy or enable the exchange profile.
  Attention: The Deploy button is enabled only when all the sections of the exchange profile are in Complete status.
Using inbound_as2exchangeprofile to receive an inbound AS2 request
Following is a representation of the AS2 inbound flow:
- The HTTP server (inbound_httpsserver, associated with the AS2 receiver that is configured in the inbound_as2exchangeprofile) receives the AS2 message. This is the trigger for the message exchange.
- The HTTP server determines the appropriate AS2 receiver from the URI in the message and sends the message to the receiver.
- The AS2 receiver sends the received message to the messaging destination that is associated with the receiver.
- A messaging receiver (associated with the same message queue as the messaging destination) picks the message and sends it to the AS2 engine.
- The AS2 engine unpacks the message and determines the messaging destination (according to the exchange profile configuration) to which the unpacked message (BDO, payload, and attachments) must be sent.
- If synchronous MDN is specified, an MDN is sent to the trading partner on the same HTTP or HTTPS connection. If asynchronous MDN is specified, an MDN is sent later, on a different HTTP or HTTPS connection, to the trading partner.
- The message service handler packages the response and sends it to the trading partner.
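The header rule given for the asynchronous MDN destination, and the MDN step of the flow above, can be checked against an inbound request with the following added Python example (written for this page, not code from B2B Advanced Communications). The function name classify_mdn, the require_https switch, the 'invalid' result, and the sample hosts and IDs are assumptions made for illustration.

```python
from email.parser import HeaderParser
from urllib.parse import urlsplit

# Constructed sample header blocks (not captured traffic); hosts and IDs are made up.
SYNC_REQUEST = (
    "AS2-From: OrgB\r\n"
    "AS2-To: OrgA\r\n"
    "Message-ID: <constructed-1@orgb.example>\r\n"
    "Disposition-Notification-To: as2@orgb.example\r\n"
    "\r\n"
)
ASYNC_REQUEST = (
    "as2-from: OrgB\r\n"
    "as2-to: OrgA\r\n"
    "disposition-notification-to: as2@orgb.example\r\n"
    "receipt-delivery-option: https://as2.orgb.example/mdn\r\n"
    "\r\n"
)
NO_MDN_REQUEST = "AS2-From: OrgB\r\nAS2-To: OrgA\r\n\r\n"
BAD_URL_REQUEST = (
    "Disposition-Notification-To: as2@orgb.example\r\n"
    "Receipt-Delivery-Option: ftp://as2.orgb.example/mdn\r\n"
    "\r\n"
)


def classify_mdn(raw_headers, require_https=False):
    """Return (mode, return_url); mode is 'none', 'sync', 'async' or 'invalid'."""
    # Message.get() matches header names case-insensitively.
    headers = HeaderParser().parsestr(raw_headers)
    if not (headers.get("Disposition-Notification-To") or "").strip():
        return ("none", None)    # header absent or empty: no MDN requested
    return_url = (headers.get("Receipt-Delivery-Option") or "").strip()
    if not return_url:
        return ("sync", None)    # MDN returns on the same HTTP(S) connection
    allowed = {"https"} if require_https else {"http", "https"}
    # Assumption (not from the page): a value that is not an absolute http(s)
    # URL is reported as invalid rather than silently downgraded to sync.
    try:
        parts = urlsplit(return_url)
        ok = parts.scheme.lower() in allowed and bool(parts.hostname)
    except ValueError:
        ok = False
    return ("async", return_url) if ok else ("invalid", return_url)


if __name__ == "__main__":
    for name in ("SYNC_REQUEST", "ASYNC_REQUEST", "NO_MDN_REQUEST", "BAD_URL_REQUEST"):
        print(name, classify_mdn(globals()[name]))
```

Setting require_https=True flags a partner request that asks for its asynchronous MDN over plain HTTP, which is useful when the agreed security policy expects transport security on the return path.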