AL2: SAP Setup

Setup RFC(Remote Function call connection in SAP)

  1. Amazon certificated uploaded in SAP: When the SAP application connects to the API Gateway endpoint, it presents a certificate. For the SAP application to trust this certificate, it needs to be uploaded to the SAP certificate store by using the transaction code STRUST.

Preparation menu

  1. Download the Amazon server certificates from Amazon Trust Services. In the Root CAs section of that webpage, download all the root CAs (DER format), and upload them under the SSL client SSL Client (Standard) node using transaction code STRUST. If this node doesn’t exist, create it. For more information about SSL client PSE, see Creating the Standard SSL Client PSE.

Preparation menu

If you are using the SAP system provided by your instructor, then the above activity should be completed by your instructor. You can validate the certificates in the SAP transaction STRUST.

Preparation menu

3.If you are using your own SAP environment upload Amazon certificates are using the following steps:

3.1 Click on the change option in STRUST SAP Transaction

3.2 Select SSL client standard

3.3 Click on the import certificate option

3.4 Select the folder path where the Amazon certificates are saved(previous step)

3.5 Click on green tick mark(ok option)

3.6 Click on add to certificate list

3.7 Click Save

3.8 Repeat the steps to upload all the Amazon certificates

Preparation menu

4.Get the Idoc adaptor Host and prefix

4.1 Open the AWS Management Console and navigate Services->Management & Governance->CloudFormation

Select the stack that you deployed in “AWS setup,” earlier in this blog post. Then, go to the Outputs tab, and note down the values for the IDOCAdapterHost and IDOCAdapterPrefix keys. You will need these fields in the next step.

Preparation menu

5.SAP Connection configuration

5.1 In your SAP application, go to transaction code SM59 and click create

Preparation menu

5.2 Create an RFC destination of type G (HTTP Connection to External Server)

5.3 Give RFC destination name of your choice

5.4 Give description name of your choice

5.5 For Target Host, provide the value of the key IDOCAdapterHost from the previous step

5.6 Similarly, for Path Prefix, provide the value of the key IDOCAdapterPrefix.

5.7 In Service No., enter 443. Once all the details are filled in, press Enter.

You will receive a warning that query parameters aren’t allowed. You can ignore that warning by pressing Enter again

Preparation menu

6.While still in transaction SM59, choose the Logon & Security tab, and then choose Basic Authentication

6.1 In the User field, enter the value of USERNAME that you used in “AWS setup,” earlier steps when executing cloud formation template

Preparation menu

6.2 In the Password field, enter the value of PASSWORD that you used in “AWS setup.” Then under Security Options, choose Active for SSL, and choose DEFAULT SSL Client (Standard) for SSL Certificate

Preparation menu

7.Test Connection

7.1 Choose connection test from transaction SM59, and you will get a 200 HTTP response from the API Gateway Preparation menu

If you get an error, recheck the Target Host field (it shouldn’t start with HTTP or HTTPS), make sure the service number is 443, and make sure the path prefix is correct (it should start with a / and contain the full query string). Check whether you provided the correct user name and password. Also, check whether SSL is Active and SSL certificate value is DEFAULT SSL Client (Standard).

8.Configure IDoc port and partner profiles

8.1 Go to transaction code WE21. Create a port of type XML HTTP using the RFC destination created in the previoud SAP setup. In Content Type, choose Text/XML and save.

Preparation menu

9.Go to transaction code BD54, and accept this Caution: The table is cross-client if appears.

9.1 Create a new logical system. Preparation menu

9.2 Enter Logical system name for example: AWSAPIGWV1 and name of your choice AWS API Gateway for IdocsV1 and save Preparation menu

9.3 Click the green tick mark to save Preparation menu

10.Go to transaction code WE20, and create a new partner profile of type LS and save Preparation menu

10.1 From transaction code WE20->Create outbound parameters for the Partner profile that you created in the previous step Preparation menu

10.2 Update the below values to test:


  • Receiver port name: AWSAPIGWV1 (that was created in “previous SAP setup,”)


  • Save

Preparation menu

Test with an outbound IDoc

  1. Go to SAP transaction code WE19

  2. In the Via message type, field enter FLIGHTBOOKING_CREATEFROMDAT, and then choose Execute

Preparation menu

  1. To edit the control record fields, double-click the EDIDC field and fill in the details.
  • Updating the Receiver Port from previous steps: AWSAPIGWV1

  • Updating the Receiver Partner No from previous steps: AWSAPIGWV1

  • Sender Partner number: Will vary based on your SAP system ID and client. For this lab the Receiver Partner number is A4HCLNT001.

For this example, the system ID is A4H and client is 001. Check transaction BD54 for your logical system name. or *Contact the Lab Instructor for assistance

Preparation menu

  1. To edit the control record fields, double-click the EDIDC field.
  • Double-click the E1SBO_CRE and E1BPSBONEW nodes, and provide some values. It doesn’t matter what you provide here

  • There are no validations for the field values. Once done, choose Standard Outbound Processing. This should send the IDoc data to the API Gateway endpoint

5.Send an outbound Idoc by clicking standart outbound processing and ok button in the popup

Preparation menu

6.Login to the Amazon S3 to validate the IDoc data stored in the S3 bucket that was created in the previous AWS CloudFormation step

Preparation menu