Show Menu
Cheatography

SAP XI/PI/PO Cheat Sheet by

This is a SAP PO cheatsheet.

XI/PI/­PRO/CPI - CheatSheet

Product Overview

SAP PI
(Formerly known as: SAP XI, SAP Exchange Infrastructure); stands for SAP Process Integration.
It is a NetWeaver coponent which acts as an EAI and lets you build interfaces with mapping and routing.
SAP PRO
(Formerly known as: SAP PO); stands for SAP Process Orchestration.
SAP PRO is a bundle of SAP PI, SAP BRM and SAP BPM.
SAP CPI
(Formerly known as: SAP HCI, SAP HCP-IS, SAP Hana Cloud Platform Integration); stands for SAP Cloud Platform Integration.
The CPI is a cloud-based (hosted in SAP Cloud Platform) integration platform built up on the OSS Apache Camel framework.

Monitoring (ABAP Stack)

Tran­saction code
Desc­rip­tion
SXMB_MONI
Integr­ation engine message monitoring tools.
SXI_MO­NITOR
Message monitor entry.
SXMB_M­ONI_BPE
Integr­ation process monitoring tools for Business Processing Engine (BPE) / ccBPM.
SXMS_LMS_ CONF
Config­uration of user-d­efined custom search.
SA38 SXMS_ EXTRACT_ MESSAGES
(Re-)index messages after changing the user-d­efined custom search parame­ters.
SMQ1
Monitor outbound message queue.
SMQ2
Monitor inbound message queue.
SMQR
Check if queues are registered correctly.
SM58
Transa­ctional RFC monito­ring.
SMICM
Internet Commun­ication Manager (ICM) monitoring tools.
SMGW
SAP Gateway monitoring tools.
ST06
Monitoring of system resources. For checking e.g. database space.

Monitoring (Java Stack)

Path
Desc­rip­tion
/pimon Adapter Engine Message Monitor
AAE message monito­ring.
/pimon Adapter Engine Commun­ication Channel Monitor
New commun­ication channel monito­ring.
/rwb
Classic runtime workbench
/mdt/c­han­nel­mon­ito­rse­rvlet
RWB-based channel monito­ring.
/Messa­gin­gSy­ste­m/m­oni­tor­/mo­nit­or.jsp
"­Cla­ssi­c" message system monito­ring.
/mdt/a­mtS­ervlet
Java proxy runtime (JPR) monitoring
/rwb/s­ub/­cac­he_­mon­ito­rin­g/s­tat­us_­table
Cache monitoring status.
/nwa/p­i-b­cgn­d-proc
Show status of background jobs (e.g. clean-up, ...)
/nwa/s­che­duler
Java scheduler monito­ring.
/Adapt­erF­ram­ewo­rk/­sch­edu­ler­/sc­hed­ule­r.jsp
Pt. I - Java scheduler monitoring (fallb­ack).
/Adapt­erF­ram­ewo­rk/­sch­edu­ler­/mo­nit­ors­che­dul­er.jsp
Pt. II - Java scheduler monitoring (fallb­ack).
/CPACa­che­/mo­nit­or.jsp
CPA cache monito­ring.
/Messa­gin­gSy­ste­m/m­oni­tor­/lo­cks.jsp
View locked messages in Java stack.
/nwa/logs
AAE log viewer.
/nwa/j­ava­-sy­s-r­eports
Quick status overview of system logs.
Paths on the left column, beginning with / have to be appended to the base uri of the PI/PRO system: http(­s):­//<­hos­tna­me>­:<p­ort­>

Admini­str­ation Tools (Both Stacks)

Path
Desc­rip­tion
/rep/s­upp­ort­/pu­bli­c/L­ock­Adm­inS­ervice
View and remove ESR object locks.
/nwa/locks
View general Java locks.
/useradmin
User admini­str­ation (Java).
/nwa/i­dentity
Identity management and user admini­str­ation.
/nwa/s­tar­t-stop
Starting, stopping and re-sta­rting of Java instances, services and processes.
/nwa/k­ey-­storage
Certif­icate handling and keystore admini­str­ation. (Java)
/nwa/d­est­ina­tions
Configure and admini­strate destio­nations (e.g. HTTP, IDOC, etc.) in Java stack.
/BC/Ve­rifyJCE
Tool to check supported keysize / encryp­ütion strength of PI. Needed e.g. for PGP.
/xpi_i­nsp­ector
Powerful logging and analysis. More inform­ation in S-Note 0001514898. Setup files in S-Note 0002010715
/CPACa­che­/re­fre­sh?­mod­e=delta
Trigger CPA cache delta refresh.
/CPACa­che­/re­fre­sh?­mod­e=full
Trigger CPA cache full refresh.
/ftpjdbc
JDBC-, FTP- and XML-Parser test tools. Can be used to show JDBC driver version for example. (You need note 1085539.)
Tran­saction code
Desc­rip­tion
SU01
User admini­str­ation (ABAP).
STRUST
Certif­icate handling and keystore admini­str­ation. (ABAP)
SM59
Configure and admini­strate destio­nations (e.g. HTTP, IDOC, etc.) in ABAP stack.
SLDCHECK
Test SLD connec­tion.
SLDAPICUST
Configure SLD connec­tion.
SXMB_ADM
Admini­str­ation of Integr­ation Engine.
Paths on the left column, beginning with /, have to be appended to the base uri of the PI/PRO system: http(­s):­//<­hos­tna­me>­:<p­ort­>

Useful Reports (ABAP Stack)

Tran­saction code
Desc­rip­tion
SXMS_E­XTR­ACT­_ME­SSAGES
Re-indexes messages for user-d­efined custom search.
RSXMB_­CAN­CEL­_NO­_CO­MMI­T_MSG
Cancel non-re­sta­rtable messages.
RSXMB_­CAN­CEL­_NO­T_R­EST­_ME­SSAGES
Cancel messages which are missing their commit.
RSBDCOS0
Execute a system command (OS level).
RSPARAM
Show profile parame­ters.
Be aware: If you are not sure how the programs behave, you should open them first in SE38 or SE80 and check their source code. Only run them directly via SA38 if you know, what you are doing!

Configure system proxy (Both Stacks)

Stack
How to
Java
Check:
To do a quick check of the global proxy settings, open the following path on your PI/PO/PRO: /proxy_settings.jsp

Configure:
To configure the global proxy settings, open the path: /nwa/middleware-settings
ABAP
Check & Configure:
Open transa­ction SICF and press F8. Go to the Clien­t-menu entry and then select Proxy­-Se­tti­ngs.

Readout Passwords (Both Stacks)

Pass­words from SAP PI users
There is no universal way to grab passwords from PI users, but as long as there is an interface, sending data to the PI via SOAP or HTTP there is a good chance of getting the password. Even here you have two options:
Open the receiving SOAP sender channel in the Integr­ation Direct­ory­/NWDS. Switch to the Modul­es-tab and add a parameter to the adapter's own module with the following values: Parameter Name=­Tra­ceH­TTP, Parameter Value=­pl­ain. The resulting logs with all header data can be found in /nwa/logs. Search for the Autho­riz­ati­on:­-h­eader which should contain the user's password as Base64 string.
If the adapte­rmodule isn't available, you could trace the incoming requests with /xpi_inspector. After creating the traces, search for the Autho­riz­ati­on­-header as explained above.

SSL, TLS, PGP, ... (All Stacks)C

How to check quickly if TLS 1.2 is enabled?
A good indicator is the version of the used iSaSiLk library. If version is 4.5, the PI doesn't support TLS 1.1/1.2. If iSaSiLk has version 5.104 there are good chances, that TLS 1.2 is supported (because 5.104 usually will be installed, when doing the TLS 1.2 patches).
How to activate TLS 1.2 in AS Java?
To enable TLS 1.1 and TLS 1.2 support for SAP PI (AS Java) read the contents of SAP note 2417205. It contains further notes which explain to check and update TLS support.
How to activate TLS 1.2 in AS ABAP
Ensure that the used Commo­nCr­ypt­oLib has release 8.4.3.1 or later. (Update infos in note 1848999.) If you want to force TLS 1.2, read note 2384243.
How to force TLS 1.2?
If your SAP PI is TLS 1.2 ready, and you want the HTTP receiver channel to use explicitly TLS 1.2, then you can add the parameter https­Pro­tocols with value TLSv1.2 in the channels module tab. Further explan­ation can be found in note 2393811.
How to support ECDHE chipher suites?
As explained in Note 2538934 none of the SAP PI/PRO releases supports any kind of ECDHE cipher­suites. Either ask the partner to allow a non-ECDHE cipher suite or use an external SSL-ha­ndler like mitmproxy (https://goo.gl/yemrrV) for example.
What cipher suites are supported by SAP PI?
The cipher­suites which are activated by default can be seen in SAP note 2538934. Instru­ctions on how to change the supported cipher­suites can be found in note 2616983.
How to get SSL certif­icate from...
HTTP; open the website in a browser, click the lock­-icon and save certif­icate or use the Realcore Support Tools for SAP PI/PO.
Mail, SFTP; use the OpenSSL comman­dline utilities or the Realcore Support Tools for SAP PI/PO.
FTPs; use the OpenSSL comman­dline utilities with command: openssl s_client -connect <ip­-of­-se­rve­r>:­<po­rt> -showcerts -starttls ftp
Other; try to use OpenSSL toolset. Otherwise Google.
How to convert OpenSSH key to PKCS12?
To create a PKCS12 keystore from OpenSSH key, you need the OpenSSL comman­dline tools.
First create a certif­icate from the private key: openssl req -new -x509 -key <pr­iva­te-­key­-fi­len­ame> -days 3650 -out x509_certificate.pem
Now create PKCS12 from private key and certif­icate: openssl pkcs12 -export -in <x5­09-­cer­tif­ica­te-­fil­ena­me> -inkey <pr­iva­te-­key­-fi­len­ame> -out pkcs12­_ke­yst­ore.p12
How to update TrustedCAs?
AS Java; open /nwa/key-storage, select Trust­edCAs keystore and click import. After import, stop and start the affected commun­ication channel.
AS ABAP; open transa­ction STRUST and add the certif­icate to the (Trust­edCAs). If there's no store like that, choose SSL (anony­mou­s/d­efa­ult).
What is "­peer certif­icate rejected by chainverifier"-error?
This error usually occurs, when at least one certif­icate in the chain is invalid. Keep in my, that server certif­icates are chained (=trusted by higher author­ities). You have to import the whole chain into SAP PI!
What is a "SSL common name mismatch"-error?
This error occurs if the value of the field CN (common name) doesn't match the hostname. E.g. server has a cert that matches serve­r.com, but is called via IP address. Either call service with matching hostname or change the certif­icate on the server.
Can a SSL certif­icate be issued for an IP address?
In theory SSL/TLS certs can be issued for IP addresses. Nevert­heless this is "bad practi­ce" and should be avoided in any case.
How to set-up PGP?
Create PGP keypair; To create a PGP keypair you can use Kleop­atra which can be downloaded at https://gnupg.org/.
Save key on PI; the private key has to be stored in SAP PI's filesy­stem. The standard path is: /usr/­sap­/<S­ystem ID>­/<I­nstance ID>/sec
Conf­igure bean; set-up the bean as described in this article: https://goo.gl/R325Xv
Common PGP errors
PGP Encryption Module: Could not extract private key (org.b­oun­cyc­ast­le.o­pe­npg­p.P­GPE­xce­ption: checksum mismatch at 0 of 20)
Either the password setup in the parameter pwdOw­nPr­iva­teKey is wrong or the key contains invalid chars. Try to set a simpler key in Kleop­atra, re-import the key and try again.
PGP Encryption Module: Could not process message, Internal PGP Error (org.b­oun­cyc­ast­le.o­pe­npg­p.P­GPE­xce­ption: exception encrypting session key)Cause: Illegal key size or default parameters
The JCE unlimited strength policy isn't correct. Check /BC/VerifyJCE if all is green. Otherwise fix like explained here: https://goo.gl/Rt3F7n
You have requested an applic­ation that is currently stopped.
If this occurs when checking /BC/VerifyJCE, enable the applic­ation as explained in note 2606771.

SSL, TLS, PGP, ... (Both Stacks)

How to check quickly if TLS 1.2 is enabled?
A good indicator is the version of the used iSaSiLk library. If version is 4.5, the PI doesn't support TLS 1.1/1.2. If iSaSiLk has version 5.104 there are good chances, that TLS 1.2 is supported (because 5.104 usually will be installed, when doing the TLS 1.2 patches).
How to activate TLS 1.2 in AS Java?
To enable TLS 1.1 and TLS 1.2 support for SAP PI (AS Java) read the contents of SAP note 2417205. It contains further notes which explain to check and update TLS support.
How to activate TLS 1.2 in AS ABAP
Ensure that the used Commo­nCr­ypt­oLib has release 8.4.3.1 or later. (Update infos in note 1848999.) If you want to force TLS 1.2, read note 2384243.
How to force TLS 1.2?
If your SAP PI is TLS 1.2 ready, and you want the HTTP receiver channel to use explicitly TLS 1.2, then you can add the parameter https­Pro­tocols with value TLSv1.2 in the channels module tab. Further explan­ation can be found in note 2393811.
How to support ECDHE chipher suites?
As explained in Note 2538934 none of the SAP PI/PRO releases supports any kind of ECDHE cipher­suites. Either ask the partner to allow a non-ECDHE cipher suite or use an external SSL-ha­ndler like mitmproxy (https://goo.gl/yemrrV) for example.
What cipher suites are supported by SAP PI?
The cipher­suites which are activated by default can be seen in SAP note 2538934. Instru­ctions on how to change the supported cipher­suites can be found in note 2616983.
How to get SSL certif­icate from...
HTTP; open the website in a browser, click the lock­-icon and save certif­icate or use the Certi­ficate Catcher tool (as explained here: https://goo.gl/ay7nc9 ).
Mail, SFTP; use the Certi­ficate Catcher tool as explained above.
FTPs; use the OpenSSL comman­dline utilities with command: openssl s_client -connect <ip­-of­-se­rve­r>:­<po­rt> -showcerts -starttls ftp
Other; try to use Certi­ficate Catcher. Otherwise Google.
How to convert OpenSSH key to PKCS12?
To create a PKCS12 keystore from OpenSSH key, you need the OpenSSL comman­dline tools.
First create a certif­icate from the private key: openssl req -new -x509 -key <pr­iva­te-­key­-fi­len­ame> -days 3650 -out x509_certificate.pem
Now create PKCS12 from private key and certif­icate: openssl pkcs12 -export -in <x5­09-­cer­tif­ica­te-­fil­ena­me> -inkey <pr­iva­te-­key­-fi­len­ame> -out pkcs12­_ke­yst­ore.p12
How to update TrustedCAs?
AS Java; open /nwa/key-storage, select Trust­edCAs keystore and click import. After import, stop and start the affected commun­ication channel.
AS ABAP; open transa­ction STRUST and add the certif­icate to the (Trust­edCAs). If there's no store like that, choose SSL (anony­mou­s/d­efa­ult).
What is "­peer certif­icate rejected by chainverifier"-error?
This error usually occurs, when at least one certif­icate in the chain is invalid. Keep in my, that server certif­icates are chained (=trusted by higher author­ities). You have to import the whole chain into SAP PI!
What is a "SSL common name mismatch"-error?
This error occurs if the value of the field CN (common name) doesn't match the hostname. E.g. server has a cert that matches serve­r.com, but is called via IP address. Either call service with matching hostname or change the certif­icate on the server.
Can a SSL certif­icate be issued for an IP address?
In theory SSL/TLS certs can be issued for IP addresses. Nevert­heless this is "bad practi­ce" and should be avoided in any case.
How to set-up PGP?
Create PGP keypair; To create a PGP keypair you can use Kleop­atra which can be downloaded at https://gnupg.org/.
Save key on PI; the private key has to be stored in SAP PI's filesy­stem. The standard path is: /usr/­sap­/<S­ystem ID>­/<I­nstance ID>/sec
Conf­igure bean; set-up the bean as described in this article: https://goo.gl/R325Xv
Common PGP errors
PGP Encryption Module: Could not extract private key (org.b­oun­cyc­ast­le.o­pe­npg­p.P­GPE­xce­ption: checksum mismatch at 0 of 20)
Either the password setup in the parameter pwdOw­nPr­iva­teKey is wrong or the key contains invalid chars. Try to set a simpler key in Kleop­atra, re-import the key and try again.
PGP Encryption Module: Could not process message, Internal PGP Error (org.b­oun­cyc­ast­le.o­pe­npg­p.P­GPE­xce­ption: exception encrypting session key)Cause: Illegal key size or default parameters
The JCE unlimited strength policy isn't correct. Check /BC/VerifyJCE if all is green. Otherwise fix like explained here: https://goo.gl/Rt3F7n
You have requested an applic­ation that is currently stopped.
If this occurs when checking /BC/VerifyJCE, enable the applic­ation as explained in note 2606771.
 

Adapter Modules (Java Stack)

Module Name
Desc­rip­tion
General beans
Dynami­cCo­nfi­gur­ati­onBean
Mod.-Name: AF_Modules/DynamicConfigurationBean
Used to append, edit or delete entries of the Dynami­cCo­nfi­gur­ation section of the XI3.0 header.
Payloa­dSw­apBean
Mod.-Name: AF_Modules/PayloadSwapBean
Used to switch the main message payload with an message attach­ment, defined by the module's parame­ters.
Payloa­dZi­pBean
Mod.-Name: AF_Modules/PayloadZipBean
Used to zip or unzip a payload. Whn unzipping an archive with multiple files, those will be added as attachments.
Pro tip: Use the undocu­mented parameter gunzip to unzip .gz (GZip) files.
Messag­eTr­ans­for­mBean
Mod.-Name: AF_Modules/MessageTransformBean
Used to transform messages, change the XML, add/edit MIME-t­ypes, etc. The module can load custom­/ex­ternal Java tranfo­rmation classes.
Strict­Xml­2Pl­ainBean
Mod.-Name: AF_Modules/StrictXml2PlainBean
Used to convert XML payload to plain(­text) files. Became obsolete in some way by the Messa­geT­ran­for­mBe­an.
TextCo­dep­age­Con­ver­sio­nBean
Mod.-Name: AF_Modules/TextCodepageConversionBean
Used to swap the code page of the main payload of the XI message and also convert its content.
XiHead­erV­ali­dat­ionBean
Mod.-Name: XiHeaderValidationBean
Used to validate header inform­ation of outbound messages.
XMLAno­nym­ize­rBean
Mod.-Name: AF_Modules/XMLAnonymizerBean
Used to anonymize XML elemen­ts/­att­ributes by removing namespaces or namespace prefixes. Also the encoding attribute of the XML declar­ation can be changed.
Syn­c-A­syn­c-B­ridge beans
Reques­tRe­spo­nseBean
Mod.-Name: AF_Modules/RequestResponseBean
Used in async-sync bridges to convert the asynch­ronous request to a synchr­onous one. Used in combin­ation with Reques­tOn­ewa­yBean.
Reques­tOn­ewa­yBean
Mod.-Name: AF_Modules/RequestOnewayBean
Used in async-sync bridges to redirect a synchr­onous response to an sync interf­ace.
Notify­Res­pon­seBean
Mod.-Name: AF_Modules/NotifyResponseBean
Used in sync-async bridges to sent out (create) a response message.
WaitRe­spo­nseBean
Mod.-Name: AF_Modules/WaitResponseBean
Used in sync-async bridges to wait for a response message.
To develop your own module, read the section "­Module Develo­pme­nt" on this SAP page: https://goo.gl/1mmyxz and also check the sources of this open-s­ource project: https://goo.gl/We4ghm

IDOC Handling (Both Stacks)

Path
Desc­rip­tion
/pimon Adapter Engine IDOC adapter monitor
IDOC message monito­ring.
/pimon Adapter Engine IDOC adapter monitor Metadata monitor
Mainte­nance of IDOC metadata.
Tran­saction code
Desc­rip­tion
IDX_NOALE
Config­uration (including suppre­ssion) of IDOC acknow­led­gem­ents.
IDX1
Mainte­nance of port config­ura­tion.
IDX2
Mainte­nance of IDOC metadata.
IDX5
IDOC message monito­ring.
WE02
Display IDOCs.
WE05
List IDOCs.
WE20
Configure partner agreem­ents. (Mostly done on ERP system side, but nevert­heless helpful.)
To use the Java-stack IDOC monito­ring, you need either the NWA_S­UPE­RAD­MIN­_PI­_IDOC or the NWA_R­EAD­ONL­Y_P­I_IDOC role.

If Java-I­DOC­-mo­nit­oring doesn't show any messages, you have to activate it first. Go to /nwa Config­uration Infras­tru­cture Applic­ation Resources. Then choose "­Res­ource adapte­rs", then "­Jav­aId­ocA­dap­ter­" and then set the persi­sta­nce­-p­roperty to true.

IDOC Setup (Java Stack)

SAP PI to ERP (confi­gur­ation on PI)
Create default IDOC destin­ation in /nwa with name scheme XI_ID­OC_­DEF­AUL­T_D­EST­_<S­ID>­_<C­LNT­>. After creating the destin­ation check it with the ping destin­ation button.
Use this destin­ation in the IDOC receiver channels.
SAP PI to ERP (confi­gur­ation on ERP)
Create a user for the SAP PI system, which can be used in the SAP PI destin­ation. (As explained above.) Usually this user is named: Z_CPIC.
ERP to SAP PI (confi­gur­ation on PI)
You have to create a IDOC-r­eso­urc­e-a­dapter on PI. Go to /nwa Config­uration Infras­tru­cture Applic­ation Resources. Click Create New Resource New Resource Adapter.
Choose SAPJR­ATe­mplate and name the adapter like this: inboundRA_<SID>_<CLNT>.
Define the values for Progr­amId, Gatew­ayS­erver and Gatew­ayS­ervice in the resource adapter's proper­ties. Afterwards give those values to the ERP administrator.
Use this resource adapter in the IDOC sender channels.
ERP to SAP PI (confi­gur­ation on ERP)
Open transa­ction SM59 and create a destin­ation of type T.
Set the fields Progr­amId, Gatew­ayS­erver and Gatew­ayS­ervice with the values received from the SAP PI administrator.
Activate Unicode in the destin­ation's settings.
Use the newly configured destin­ation in the partner agreem­ent/ALE config­uration in transa­ction WE20.

Fight Timeouts (Both Stacks)

Where / What
How to set?
Soap-A­dapter | Sender
Open channel. Add parameter to the adapter's own module at the module tab. If Module Name is CallS­apA­dapter name the parameter syncT­ime­out. If Module Name is ...XI­SOA­PAd­apt­erBean then name the parameter XI.Ti­meout. Give the timeout in millis­econds as parameter value.
Soap-A­dapter | Receiver
Open channel. Add parameter to the adapter's own module at the module tab. Use XMBWS.Ti­meout as parameter name and set the timeout in millis­econds as parameter value.
JDBC-A­dapter | Receiver
There are two points to configure timeout: 1 - module tab, 2 - Advanced Mode parameters.
1) Switch to module tab, add a paramt­er-set to the adapter's own module. Use syncT­imeout as parameter name and set the timeout in millis­econds as parameter value.
2) Switch to Advan­ced­-tab, check Advanced Mode and add the following two parameters to the Addit­ional Parame­ter­s-­table: query­Tim­eout with timeout in seconds (e.g. 600 for 10 minutes). sqlqu­ery­tim­eout with timeout in seconds (e.g. 600 for 10 minutes).
Adapter Engine | Sender
Introd­uction: Useful for sync ABAP proxy interface from ERP to Single Stack. SOAP Sender timeout only configures how long the sender channel will wait for response from PI pipeline. To define how long the SOAP sender channel will keep the connection to the sending ERP/ABAP proxy open, you can use the following setup.
Go to /nwa Config­uration Infras­tru­cture Java System Properties Services. Choose the entry XPI Adapter: XI, switch to its Prope­rti­es-tab and set the timeout in millis­econds for the parameter named xiadapter.inbound.timeout.default.
Be careful this affects all incoming synchr­onous SOAP/XI communication!
To trigger the new parameter, restart the adapter. Therefore go to /nwa Operations Systems Start &Stop Java Services. Select XPI Adapter: XI and click resta­rt­-bu­tton.
Integr­ation Engine | Receiver
Introd­uction: If you're sending data from Integr­ation Engine or ERP, etc. systems, usually the default ICM timeout is used. You have two options to raise this timeout.
1) Open transa­ction sm59, open the approp­riate destin­ation, switch to the Special Option­s-tab and configure the Set timeout option.
2) Raise the global ICM timeout by opening transa­ction RZ11, then open the parameter icm/c­onn­_ti­meout and change its value. In addition open the RZ11-p­ara­meter icm/s­erv­er_­por­t_<­xx> and set the parameter TIMEO­UT=­<ti­meout in s>.
Attention: This change is system­-wide and needs a restart of the ABAP-stack afterw­ards.
Integr­ation Engine | Processing
Introd­uction: Besides network timeouts also processing timeouts can occur when processing in IE/AAE takes longer than configured.
To raise the global ICM processing timeout, open transa­ction RZ11, then open the parameter icm/s­erv­er_­por­t_<­xx> and append the following value-pair to its parameter PROCT­IME­OUT­=<t­imeout in s>.
Attention: This change is system­-wide and needs a restart of the ABAP-stack afterw­ards. Learn more over here: https://goo.gl/Sh5Jfp
Hint: *If you want to test this changes without restart, you can make them temporary (until next restart) by opening transa­ction smicm, opening "­Ser­vic­es" (Shif­t+F1) and doing the changes there.

NWDS Lifesaver

Where can I get NWDS 7.5 quick and easy?
Following the click instru­ctions from this article: https://goo.gl/RQ7fW3
NWDS doesn't start and does not show anything while opening.
The NWDS can't find a suitable JRE/JDK. Add the -vm-­par­amter into the NWDS .ini-file.
NWDS throws an exception during the startup and then closes again.
NWDS needs a 32-bit (x86) jdk. (Even if your Windows instal­lation is x64!)
NWDS complains about a wrong JDK (non-SAP) version.
Either click "­can­cel­" and simply ignore the error or search in OneNote for the "JVM vendor not suppor­ted­" article.
NWDS crashes with "Un­handled event loop exception - Java heap space" except­ion.
Raise the values Xmx and XX:Ma­xPe­rmSize in the NWDS .ini-file which lays beneath the NWDS-/­Ecl­ips­e.exe file.
How to avoid the annoying re-login dialogs?
Open NWDS and follow the menu path: Prefe­rences PI Tools Config­uration Tool-S­pecific Sessio­n-T­ime­out. Raise the timeout value.
How to set-up a Java mapping?
Read the following step-b­y-step tutorial: https://goo.gl/n9JCaU
Using "­XPath containing whites­pac­es" doesn't work.
Be sure to just add one XPath by double­-cl­icking. This is necessary to add the namesp­aces. (You can remove the added XPath after the action.)

API & Automation (Both Stacks)

API
OS*
Desc­rip­tion
Directory API
JS
What? The Direct­oryAPI provides a set of over 50 SOAP webser­vices to control, monitor and edit Integr­ation Directory objects.
Where? To browse through the available APIs open the path /wsna­vig­ator on your Java stack, switch to Provi­der­-Sy­stem and click search. On the following wizard pages, you can retrieve the WSDL to test the API e.g. in SoapUI.
When? Use the DirAPI when you want to download payloads, get monitoring results, edit channels, ...
More?
Tutorial: https://goo.gl/6hgNFP
Simple Query
JS
What? The Simple Query is an unofficial HTTP/­Pos­t-based web-api that allows to view and download Integr­ation Directory as also Enterprise Service Repository objects.
Where? To browse through the available methods open the path /dir/­sup­por­t/S­imp­leQ­uery for Directory objects or /rep/­sup­por­t/S­imp­leQ­uery for Respos­itory objects on your Java stack.
When? Use the Simple Query when you want to access repository objects like Mappings, etc.
More?
Tutorial: https://goo.gl/js6Tde
To use the API, the API user needs the roles SAP_X­I_A­PI_­DIS­PLA­Y_J2EE and SAP_X­I_A­PI_­DEV­ELO­P_J­2EE.
Channel Control
JS
What? The Channe­lAd­min­-Se­rvlet is a subset of DirAPI that allows to start and stop channels via webservice call.
Where? Call the following url: /Adap­ter­Fra­mew­ork­/Ch­ann­elA­dmi­nSe­rvl­et?­par­ty=­&­ser­vic­e=­&c­han­nel­=<n­ame­>&­act­ion­=<a­cti­on>. Replace <n­ame­> with channe­lname and <a­cti­on> with either start, stop or status.
When? Use this API to progra­mma­tically start/­sto­p/query channels.
More?
https://goo.gl/o6oAdJ
General tutorial: https://goo.gl/9ML4Vn
Use in ABAP: To use the API, the API user needs the roles SAP_X­I_A­PI_­DIS­PLA­Y_J2EE and SAP_X­I_A­PI_­DEV­ELO­P_J­2EE.
RFC via NCO/JCO
AS
What? RFC isn't a real API but a protoc­ol/­tec­hnique to access the ABAP stack from outer systems. You can either call specific function modules via RFC or use generic modules like RFC_G­ET_­TAB­LE_­DATA to read any table.
Where? Use a platfo­rm-­spe­cific RFC connector library like SAP JCO for Java or SAP NCO for .NET-applications.
When? Use it e.g. to call function or retrieve data from ABAP stack in C# or Java applications.
More?
NCO tutorial: https://goo.gl/DhvUAM
JCO tutorial: https://goo.gl/K2SyEC
SAP Gui Script
AS
What? SAP GUI scripting allows to write scripts which automate tasks in the SAP GUI. Scripts can either be written manually or recorded via a macro recorder.
Where? Open SAP Logon, log into SAP system, click Customize Local Layout button (Alt+­F12) and choose Script Recording and Playback....
When? Use it for recurring tasks in SAP GUI, which can't be handled with an Z-program or via another API.
More?
Base setup: https://goo.gl/V4dwkc
Macro tutorial: https://goo.gl/eqgVwK
SAPSHCUT
AS
What? The sapshc­ut.exe is comman­dline tool, which allows to launch SAP Gui with predefined commands and parameters.
Where? The sapsh­cut.exe is placed in SAP Logon install dir, which is usually located in: C:\Pr­ogram Files (x86)­\SAP­\Fr­ont­End­\SA­Pgui. To see all parameters call sapshcut with -?-p­ara­meter from comman­dline like: sapsh­cut.exe -?
When? Use it to launch SAP GUI with a predefined transa­ction and (optional) predefined input data.
More?
sapshc­ut.exe usage: https://goo.gl/WYWqgP
Shortcut file tutorial: https://goo.gl/jM5A5y
REST Api
CPI
What? The OData-API is a REST-based web api to control, manage and edit Cloud Integr­ation Content. It can be seen as counte­rpart to SAP PI's Directory API.
Where? The api endpoint itself can be reached via https­://­<tm­n>/­api/v1 whereby the <t­mn> has to be replaced by your tenant's hostname. API testing can be done with REST-API tools like Postman.
When? Use it to build your own monitoring or automate admini­station tasks.
More?
Docume­nta­tion: https://goo.gl/t4u3dB
API discovery tool: https://goo.gl/Wy8Y1B
*OS = Operat­ional stack; system where the API is available. JS = Java stack, AS = ABAP stack, CPI = Cloud Platform Integr­ation.

Unix 101

Test HTTP connec­tion; to test a HTTP(S) connec­tion, use the wget-tool:
wget http(s­):/­/<m­yse­rve­r.d­e>:­<po­rt>­/<p­ath­>
Test non-HTTP connec­tion; to test a non-HT­TP(S) connec­tion, use the telnet-tool:
telnet <my­ser­ver.de> <po­rt>
Test HTTP connection via proxy; to test a HTTP(S) connection via proxy server, use the wget-tool:
wget -e use_pr­oxy=yes -e https_­pro­xy=­<my­pro­xy.d­e>­:<p­rox­y-p­ort> http(s­):/­/<m­yse­rve­r.d­e>:­<po­rt>­/<p­ath­>
Test HTTP connection via proxy with auth; to test a HTTP(S) connection via proxy server with user authen­tic­ation, use the telnet-tool:
wget -e use_pr­oxy=yes -e https_­pro­xy=­<my­pro­xy.d­e>­:<p­rox­y-p­ort> -e proxy_­use­r=<­proxy user> -e proxy_­pas­swo­rd=­<proxy pass> http(s­):/­/<m­yse­rve­r.d­e>:­<po­rt>­/<p­ath­>
Get SFTP-f­ing­erp­rint; to get the server­-fi­nge­rprint fo an SFTP server, use:
sftp -vv -oPort­=<p­ort> <us­er>­@<m­yse­rve­r.d­e>
Show number of cpus; to show used cpu and number of cores, use:
lscpu
Show amount of ram; to show amount of ram, swap and current memory status, use:
cat /proc/­mem­info
Show disk space; to show used, free and total diskspace, use:
df -h
Get SSL/TLS certif­icate from a FTPs server; to get the certif­icate, used by an SFTP server, use openssl toolkit:
openssl s_client -connect <server ip>­:<s­erver port> -showcerts -starttls ftp
Delete files older than X days; to delete files (e.g. logs) that are older than X days, use:
find . -name '<f­ile­nam­e>' -type f -mtime +<d­ays> -delete
Hints: In <f­ile­nam­e>-tag a * can be used as wildcard. Remove -delete to do a test-run without deletion.
The < and > symbols mark placeh­olders. You have to replace them with the actual values of your use-case.

Tools to rocket your produc­tivity

Realcore Developer Suite for PI/PO: Helps to compare ESR object or create mapping or interface docume­nta­tions. Available via SAP Appstore or Realcore Sales Team.
Realcore Support Tools for PI/PO: Helps to quickly create suppor­t/error mails with payload attach­ments, download payloads to disk, solve SSL errors and much more. Available via Realcore Sales Team.
Soap­UI: Useful for SOAP webservice testing and for creation of SOAP/REST webser­vices (=mockup services). Choose OpenSo­urc­e/C­omm­unity edition. https://goo.gl/qD42Z9
Post­man: Helps to test REST apis including header and payload handling. https://goo.gl/7pgbFV
DBea­ver: Helps to view, edit and work with nearly any database. Runs without instal­lation. https://goo.gl/zqGDA9
Note­pad++ (+ XML Tools): The XML swissk­nif­e/e­ditor. Go to plugin manager and install "XML Tools". https://goo.gl/zAsd4N
Fidd­ler: Sniffing proxy to view raw HTTP requests. Is even able to decrypt and view HTTPS traffic. Useful for analysis. https://goo.gl/rSWeFA

Helpful Resources

Overview of NWA short links: https://goo.gl/YB3CYU
List of useful transa­ctions and short-­urls: https://goo.gl/ky1m5F
Note: The entries above contain links to helpful web-re­sou­rces. For better readab­ility all links were shorte­ned.
 

Comments

No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets