Connect SAP with your Repository

This chapter provides a step-by-step guide for customizing SAP S/4HANA to connect to your repository (Hyland Nuxeo, Microsoft SharePoint or AWS S3) through aqilink. You will create a new SAP Content Repository from scratch, link it to your repository, enable security, and verify the connection.

Prerequisites

Make sure the following prerequisites are fulfilled before proceeding to customize the SAP system.

Data Model in Repository is Available

Ensure that the repository-specific extensions for the content repository (Hyland Nuxeo, Microsoft SharePoint or AWS S3) are deployed before proceeding. Refer to the Download section to get the data model for the repositories.

SAP Dialog User

To customize SAP S/4HANA to connect to a repository, an SAP dialog user with the appropriate permissions is required to manage SAP Content Repositories. The user must have access to execute the following transactions: OAC0, OAC2, and OAC3. Additionally, to perform functional testing of the aqilink interface, access to transaction SE38 is necessary for running the test reports.

Repository Administration User

In the related repository, it is also necessary to log in with an administration user who has all permissions in the system.

remarque

For repository-specific actions, you will find the relevant steps for each supported repository organized into tabs, as shown in this example:

Hyland Nuxeo

Follow repository-specific actions in Nuxeo.

Microsoft SharePoint Online

Follow repository-specific actions in SharePoint Online.

AWS S3

Follow repository-specific actions in AWS S3.

info

Before proceeding, ensure that aqilink is up and running, and that both the sapHttp.yaml and storage.yaml files have been properly configured, as these are prerequisites. Also ensure that the data model for the desired repository is deployed in the repository.

Create SAP Content Repository

Follow these steps to create a new SAP Content Repository in the S/4HANA system which will be connected to the repository.

remarque

Ensure you log in to SAP with a dialog user that has administrative permissions to access the following required transactions: OAC0, OAC2, OAC3 and SE38 (functional testing).

1. Login to the SAP system and execute the following transaction: OAC0. This will display a list of all available SAP Content Repositories in the S/4HANA system.

2. To create a new SAP Content Repository switch to Edit mode (CTRL+F4 ), then press F5.

3. Now create a new entry using the following values:

   Property	Description	Example
   Content Rep.	Unique name for the repository in SAP.	ZN, T1
   Description	A description to easily identify the repository, visible only to the SAP admin in the SAP Content Repository overview.	Nuxeo Repository, SharePoint Repository, S3 Repository
   Document Area	Select ArchiveLink from the dropdown list to use ArchiveLink and Attachment functionality. Select Document Management System to use SAP DMS (Document Info Records).	ArchiveLink, DMS
   Storage Type	Always select HTTP content server from the list.	HTTP content server
   Version no.	Specify the SAP Content Server version. Supported versions are 0045, 0046 and 0047. Use 0047 for all new installations.	0047
   HTTP server	Specify the server, IP address or hostname, where aqilink is running.	11.2.0.112
   Port Number	Specify the port on the aqilink server above where the app is running. Default: 3000 - Refer to Parameter port in app.yaml.	3000
   HTTP Script	The endpoint within aqilink for this repository. It must start with the prefix sapHttp followed by a slash (/) and then an existing name defined in the sapHttp.yaml. Refer to Parameter name in sapHttp.yaml.	sapHttp/src-nuxeo, sapHttp/src-sharepoint, sapHttp/src-s3
   Transfer drctry	Some ArchiveLink scenarios requires files to be created in a transfer directory (on SAP side) before sending it to the content server. Edit this, if the default value does not match your corporate standard.	/tmp/
   HTTP on frontend	Means the HTTP request is initiated from the user's local frontend system, typically from the user's browser or desktop. Example: If a user uploads a document, the request is sent from their local machine via HTTP to the external content repository. We strongly recommend setting up a secure connection between SAP and aqilink! This can be done at any time later. Refer to reference section Communication via HTTPS.	no HTTPS
   HTTP on backend	Means the HTTP request is initiated from the SAP server (backend) rather than the user’s machine. Example: If a batch job is set up to archive documents overnight, the SAP backend handles the requests via HTTP. We strongly recommend setting up a secure connection between SAP and aqilink! This can be done at any time later. Refer to reference section Communication via HTTPS.	no HTTPS

   This is how the fields described in the table above appear in the SAP GUI:

4. Save the newly created repository (CTRL+S).

5. Test the connection using either the Test Connection or Status information icon (refer to the highlighted buttons in the image above). Now, you should receive a message, that the content repository does not exists.

   

   attention

   If you receive any message other than the one mentioned above, ensure that the connection to the aqilink server is functioning properly. In case you receive a message like Payment required, verify that you have entered a valid license key. Resolve the issue and proceed only once you receive the correct message.

6. The repository is now reachable from SAP through aqilink.

Initialize SAP Content Repository

The newly created SAP Content Repository must now be initialized and made known to the related repository (Hyland Nuxeo, Microsoft SharePoint or AWS S3) to be recognized by SAP. This is done within the same SAP transaction OAC0 and means that SAP requires both a "repository" and a "certificate" on the content server side to establish the connection. These are stored by aqilink as files in the connected repository:

Hyland Nuxeo

In Nuxeo, the files are stored in the folder specified by the parameter adminPath in the storage.yaml.

Microsoft SharePoint Online

In SharePoint Online, the files are stored in the folder specified by the parameter adminPath in the storage.yaml.

AWS S3

In AWS S3, the files are stored within an new folder named Repository inside the automatically created bucket. The bucket name is based on name of the source and the SAP Content Repository Name. For details on the naming convention, refer to the ASW S3 Bucket Naming Convention section in the corresponding storage.yaml configuration file.

To initialize the SAP Content Repository in the related repository follow these steps:

1. Click on icon --> CS Admin (Content Server Administration) in the middle of the screen, besides the Test connection icon.

   

2. Create the repository in Nuxeo using the Create repository icon in the Create section. All settings in this screen can be left with their defaults.

   

3. If successful, you will immediately be redirected to tab Details where some basic information from the aqilink server shows up.

   

4. The repository file has been successfully created in the repository. Now, the certificate needs to be created as well.

Secure Connection using Certificate

Secure the connection between SAP and the repository (Hyland Nuxeo, Microsoft SharePoint or AWS S3) using a certificate that will be stored in the repository. This ensures that only authorized requests from the SAP S/4HANA system are allowed.

attention

For completeness: You can disable signature verification and allow all requests to pass through aqilink to the SAP system by setting the signatureEnabled parameter to false in the relevant section of your sapHttp.yaml file. You can also disable the expiration check for signed requests by setting the checkExpiration parameter to false in the same file, though this setting is only relevant when signatureEnabled is true.
However, we strongly advise against disabling these important security features!

Send Certificate from SAP

1. In the CS Admin section click on tab Certificates and send the certificate by clicking on the envelope icon.

   

2. Once the certificate was sent, it appears in the Certificate Properties table. Note the state of the checkbox! It is not checked, which means the certificate is not yet active.

   

Activate Certificate in Repository

The recently sent certificate must be activated in the repository.

info

From the SAP HTTP-Content Server protocol specification, the certificate can only be activated from the content repository side. This is an additional security step. Therefore, no additional action is required in SAP. To proceed with the activation, login to the repository.

3. Login to the repository with administrator privileges and follow the steps below based on the repository.

Hyland Nuxeo

4. Navigate to the path specified in the adminPath parameter in the corresponding connection within the storage.yaml. Within the adminPath, you'll find a folder prefixed with the name of the endpoint entered above in HTTP Script during the SAP Content Repository creation. The folder name is also concatenated with the name of the SAP Content Repository itself. In the folder, two files are available: the repository file with the extension .repo and the certificate file with extension .pem. Both file names consist of the SAP Content Repository name.

   

5. Select the certificate with the .pem extension and edit the file properties. To activate it, check the box for field Activated and save the document.

   

Microsoft SharePoint Online

4. Navigate to the path specified in the adminPath parameter in the corresponding connection within the storage.yaml. Within the adminPath, you'll find a folder prefixed with the name of the endpoint entered above in HTTP Script during the SAP Content Repository creation. The folder name is also concatenated with the name of the SAP Content Repository itself. In the folder, two files are available: the repository file with the extension .repo and the certificate file with extension .pem. Both file names consist of the SAP Content Repository name.

   

5. Select the certificate with the .pem extension and edit the file properties. To activate it, check the box for field SAP Certificate Activated and save the document.

   

AWS S3

1. Navigate to the automatically created AWS S3 bucket (Refer to ASW S3 Bucket Naming Convention). Within the bucket, you will find a folder named Repository with two objects: the repository file with the extension .json and the certificate file with extension .pem. Both file names consist of the SAP Content Repository name.

   remarque

   Change the value of the x-amz-meta-isactive metadata field of the .pem file and set it to true.

   

2. Select the .pem file an open its properties. Scoll down to the Metadata section and locate the User-defined metadata fields.

   

   SPECIAL ATTENTION REQUIRED

   Note down all User defined metadata keys and their values, especially from the x-amz-meta-authid. This information will be required for re-entry in the next step.

3. In the Object actions menu of the current .pem file click on Copy.

   danger

   Ensure that you copy the .pem file to the exact same Destination directory where it already exists!

   

   Scroll down to section Additional copy settings and select Specify settings:

   

   Scroll further to section Metadata and select Replace all metadata and then add the following:

   Key	Value
   x-amz-meta-authid	AuthId of your SAP system from step above
   x-amz-meta-content-type	application/x-pem-file
   x-amz-meta-isactive	true

   

4. Finally, copy the object.

Check Successful Activation in SAP

To ensure the connection is secure, perform a cross-check in SAP. This can be done within SAP to verify that the connection has been activated and is functioning securely.

6. Go back to SAP and navigate to the recently created SAP Content Repository again. Open the --> CS Admin again and click on the Certificates section. If you still have the SAP GUI with the CS Admin section open, simply click the Refresh icon. Once done, refer to the checkbox in front of the certificate in the Certificate Properties table. It should now be enabled!

   

7. With this, the SAP Content Repository is successfully connected to the repository. You can now proceed with a functional test to verify that all relevant file operations - such as creating, updating, deleting, and appending - function properly in accordance with the SAP Content Server protocol specification.

Functional Test

This section explains how aqilink, and by extension, the ArchiveLink interface, can be tested. Testing requires a foundational understanding of SAP. The test reports mentioned below are also part of the SAP certification process for the SAP Content Server Protocol.

astuce

To successfully complete these tests, all the preceding steps must be completed.

1. Login to SAP and open the ABAP Editor using transaction SE38.

2. Enter RSCMST in the Program field and execute it by either click Execute in the toolbar or press F8.

   

3. In the next screen, enter the recently created SAP Content Repository connected to your repository in the Repository field. Then, click Execute in the toolbar or press F8.

   

4. Now, all related sub-reports are listed that could be executed against the repository.

5. The most important report is RSCMSTH0, which will test the basic communication like create, info, search, update or even delete commands via HTTP against the repository. Use the Execute icon for the report.

   

6. Optional: To test additional functionality of the HTTP interface use the available test reports RSCMSTH1, RSCMSTH2 and RSCMSTH3.

   

   attention

   There is a known issue in the RSCMSTH2 report in SAP BASIS components 740 to 752. If this report returns with a lot of errors regarding document protection like DOC_P[rc], refer to the following SAP OSS notes: 2371386, 2198970. Skip this report unless the notes are implemented.

Congratulations! You have successfully connected SAP to your repository and verified that the technical connection is functioning properly. You can now proceed to customize your use cases in SAP to store documents in the new repository.