AS4 Connector

Version 24.2.9039


AS4 Connector


The AS4 connector supports sending and receiving messages via the AS4 protocol.

Overview

An AS4 connection is configured in two places. Configure the AS4 Profiles page with a local AS4 party identifier and a private certificate. Then configure individual AS4 connectors with connection settings specific to a single trading partner. When an input file is processed by an AS4 connector, it is packaged and sent to the specified trading partner.

When CData Arc receives a file over AS4, it attempts to route the file to a specific AS4 connector. The application uses the AS4 party identifiers in the AS4 message to determine which AS4 connector should receive the file. When a file is routed to an AS4 connector, that file is placed in the connector’s Output tab, or is passed along to the next connected connector in the flow.

Profile Configuration

The AS4 Profile must be configured before connections can be established with individual AS4 connectors. Click Profiles on the top menu bar, then click the AS4 tab.

AS4 Profile Tab

Personal Id

Settings for identifying the local profile.

  • Party Identifier Your AS4 identifier. Messages sent by Arc must be addressed to this identifier, and outgoing messages use this value to identify the originator of the message. Identifiers are case-sensitive.
  • Party Identifier Type The optional type declaration of the Party identifier. If specified, supply the domain to which the identifier belongs.

Personal Certificate

Settings related to the private decryption and signature certificate.

  • Private Certificate The certificate used to decrypt incoming messages and sign outgoing messages. Never share this certificate with external parties. Click the Create Certificate button to generate a self-signed certificate that is ready to use in an AS4 transaction: a corresponding public key is also generated with the same filename and a .cer extension.
  • Certificate Password The password required to access the Private Certificate.

Application URLs

Settings and displayed values related to accessing Arc from the public web.

  • Receiving URL The URL at which Arc listens for incoming AS4 messages. Share this URL with all your trading partners.

Logging

Settings that govern the creation and storage of logs.

  • Log Level The verbosity of logs generated by the connector. When you request support, set this to Debug.
  • Log Rotate Interval The number of days to wait before creating a new log file.
  • Log Delete Interval The number of days to wait before deleting old log files.

Miscellaneous

Miscellaneous settings are for specific use cases.

  • Other Settings Enables you to configure hidden connector settings in a semicolon-separated list (for example, setting1=value1;setting2=value2). Normal connector use cases and functionality should not require the use of these settings.

Connector Configuration

Once you configure the global AS4 profile settings, create and configure individual AS4 connectors for each trading partner on the Flows page.

Settings Tab

Configuration

  • Connector Id The static, unique identifier for the connector.
  • Connector Type Displays the connector name and a description of what it does.
  • Connector Description An optional field to provide a free-form description of the connector and its role in the flow.

Trading Partner Info

Settings for identifying and connecting to a specific AS4 trading partner.

  • Party Identifier The AS4 party identifier specific to the target trading partner. This value is included in the outgoing AS4 message to ensure it is delivered to the intended recipient, and it is used to route incoming AS4 messages to the appropriate AS4 connector. Identifiers are case-sensitive.
  • Party Identifier Type The optional type declaration of the Party identifier. If specified, supply the domain to which the identifier belongs.
  • Partner URL The trading partner’s public endpoint where outgoing AS4 messages should be sent.
  • Agreement The shared AS4 Agreement that governs the exchange. This is required in ENTSOG profiles.

Connection Info

Settings related connection parameters for the specified trading partner.

  • Send Message Security Whether to sign and/or encrypt outgoing AS4 messages. CData strongly recommends you use signatures and encryption.
  • Receive Message Security Whether to require that signatures and encryption are present for incoming AS4 messages. An error is thrown if a received message does not have a required security parameter.
  • Compression Whether to compress the payload of outgoing messages.
  • Connection Timeout The length of time (in seconds) the connector waits for a connection response before throwing a timeout error.
  • Profile The AS4 profile to use in the AS4 interchange. Profiles help determine shared configuration settings to ensure compatibility between partners. Setting the profile automatically updates relevant configuration options in the connector.
  • Message Partition Channel The channel over which the AS4 interchange should occur. If you do not specify a channel, the default Message Partition Channel (MPC) is implicitly assigned. MPCs are important when sending or receiving pull requests, because only messages queued in the assigned MPC are returned in response to the pull request.

Receipt

Settings related to requesting receipts when sending AS4 messages.

  • Enable Receipt Whether a receipt should be returned in response to incoming AS4 messages, and expected in response to outgoing AS4 messages.
  • Delivery Whether the receipt should be returned as a direct response to the outgoing AS4 message (Synchronous) or returned later as part of a separate connection (Asynchronous). Synchronous receipts are recommended unless the size of the AS4 message is very large (50MB is a common threshold), in which case processing the message and delivering a synchronous receipt might strain the connection timeout duration.

Trading Partner Certificates

Settings related to the public key certificates provided by the trading partner.

  • Encryption Certificate The public key certificate used for AS4 encryption when sending messages. This certificate must be paired with the trading partner’s private certificate, and the trading partner should provide a public key certificate when sharing AS4 configuration details.
  • Verification Certificate The public key certificate used to verify AS4 signatures when receiving messages. This field is often unnecessary; most AS4 parties use the same private certificate for both signing and decrypting. If this value is not specified, the application uses the Encryption Certificate to verify signatures.
  • TLS Server Certificate The public key certificate used to verify the identity of an TLS/SSL server. This is only necessary if the partner’s AS4 system requires HTTPS instead of HTTP. If the trading partner does not provide a TLS server certificate, you can leave this setting blank to allow the underlying OS/JVM to perform certificate validation, or it can be set to Any Certificate to unconditionally trust the target server’s identity.

Business Agreement Details

Settings related to the shared details of the AS4 business agreement. These values should be confirmed with the trading partner prior to configuration.

  • Service The business process accepting the message.
  • Service Action The operation or activity being executed in the business process.
  • Service Type The optional qualifier providing context to the Service.
  • From Role The role of the party from which the message originates. These roles can either be reversed or remain the same when sending versus receiving AS4 requests, based on your partner agreement. This value is used in the PartyInfo` element of the resulting AS4 SOAP envelope.
  • To Role The role of the party to which the message is delivered. These roles can either be reversed or remain the same when sending versus receiving AS4 requests, based on your partner agreement. This value is used in the PartyInfo` element of the resulting AS4 SOAP envelope.

Automation Tab

Automation Settings

Settings related to the automatic processing of files by the connector.

  • Send Whether files arriving at the connector are automatically sent as AS4 messages.
  • Retry Interval The number of minutes before a failed send is retried. A retry is triggered when the server does not respond to a send attempt, or responds negatively to communicate that the file was not received.
  • Max Attempts The maximum number of times the connector processes the input file. Success is based on a successful server acknowledgement and validation of the receipt (when requested synchronously). If you set this to 0, the connect retries the file indefinitely.
  • Resend Interval The number of minutes before unacknowledged messages are resent. A resend is triggered when the server receives the file, but an asynchronous receipt is not provided within the expected timeframe.
  • Max Attempts (async) The maximum number of times the connector processes the input file when asynchronous receipts are requested. Success is based on the return of an asynchronous receipt within the Resend Interval after a successful server acknowledgement. If a successful server acknowledgement is not returned, Max Attempts is applied instead. If this is set to 0, the connector resends the file indefinitely.
  • Receive Whether the connector should automatically make pull requests to receive messages from the trading partner.
  • Pull Interval The interval between automatic pull requests.
  • Minutes Past the Hour The minutes offset for an hourly schedule. Only applicable when the interval setting above is set to Hourly. For example, if this value is set to 5, the automation service downloads at 1:05, 2:05, 3:05, etc.
  • Time The time of day that the attempt should occur. Only applicable when the interval setting above is set to Daily, Weekly, or Monthly.
  • Day The day on which the attempt should occur. Only applicable when the interval setting above is set to Weekly or Monthly.
  • Minutes The number of minutes to wait before attempting the download. Only applicable when the interval setting above is set to Minute.
  • Cron Expression A five-position string representing a cron expression that determines when the attempt should occur. Only applicable when the interval setting above is set to Advanced.

Performance

Settings related to the allocation of resources to the connector.

  • Max Workers The maximum number of worker threads consumed from the threadpool to process files on this connector. If set, this overrides the default setting on the Settings > Automation page.
  • Max Files The maximum number of files sent by each thread assigned to the connector. If set, this overrides the default setting on the Settings > Automation page.

Alerts Tab

Settings related to configuring alerts and Service Level Agreements (SLAs).

Connector Email Settings

Before you can execute SLAs, you need to set up email alerts for notifications. Clicking Configure Alerts opens a new browser window to the Settings page where you can set up system-wide alerts. See Alerts for more information.

Service Level Agreement (SLA) Settings

SLAs enable you to configure the volume you expect connectors in your flow to send or receive, and to set the time frame in which you expect that volume to be met. CData Arc sends emails to warn the user when an SLA is not met, and marks the SLA as At Risk, which means that if the SLA is not met soon, it will be marked as Violated. This gives the user an opportunity to step in and determine the reasons the SLA is not being met, and to take appropriate actions. If the SLA is still not met at the end of the at-risk time period, the SLA is marked as violated, and the user is notified again.

To define an SLA, click Add Expected Volume Criteria.

  • If your connector has separate send and receive actions, use the radio buttons to specify which direction the SLA pertains to.
  • Set Expect at least to the minimum number of transactions (the volume) you expect to be processed, then use the Every fields to specify the time frame.
  • By default, the SLA is in effect every day. To change that, uncheck Everyday then check the boxes for the days of the week you want.
  • Use And set status to ‘At Risk’ to indicate when the SLA should be marked as at risk.
  • By default, notifications are not sent until an SLA is in violation. To change that, check Send an ‘At Risk’ notification.

The following example shows an SLA configured for a connector that expects to receive 1000 files every day Monday-Friday. An at-risk notification is sent 1 hour before the end of the time period if the 1000 files have not been received.

Advanced Tab

Token Authentication

Settings related to using and requiring token authentication.

  • Token Authentication (Receiving) Whether authentication tokens must be included in incoming AS4 messages. If enabled, incoming messages must include username credentials that match the Username and Password fields set under this option.
  • Token Authentication (Sending) Whether authentication tokens should be included in outgoing AS4 messages. If enabled, outgoing messages include username credentials that match the Username and Password fields set under this option.
  • Password Type Whether username tokens should be in plain text or encrypted digest format.

Alternate Local Profile

Settings that override the AS4 configuration on the Profiles page for this specific AS4 connector. Setting an alternate local profile lets you use different local certificates and identifiers for certain trading partners.

  • Party Identifier Your AS4 identifier. Overrides the Party Identifier on the Profiles page.
  • Party Identifier Type Your AS4 identifier type (optional). Overrides Party Identifier Type on the Profiles page.
  • Private Certificate The certificate used to decrypt incoming messages and sign outgoing messages. Overrides the Private Certificate on the Profiles page.
  • Certificate Password The password required to access the local private certificate.

TLS Client Authentication

Settings related to client authentication when two-way TLS authentication is required.

  • Use Profile Settings Whether to use the Private Certificate configured on the Profiles page as the TLS certificate for client authentication.
  • Private Certificate The private certificate presented during TLS client authentication. Only applicable if you are not using the same private certificate from the Profiles page.
  • Certificate Password The password required to access the TLS client certificate.

Message Properties

A set of custom message properties, specified in name-value pairs, to include as part of the outgoing message.

Other Settings

Settings not included in the previous categories.

  • Agreement Ref P-Mode The processing mode attribute of the shared AS4 agreement. If you use this, provide the PMode.Id parameter.
  • Agreement Ref Type The reference type attribute of the shared AS4 agreement. The two parties should decide upon the semantics of this value.
  • Attach XML Files Whether XML payloads should be packaged as a MIME attachment to the SOAP message, or included directly in the SOAP body.
  • Duplicate Message Action How the connector should behave when it receives an AS4 message with a Message Id that the connector has seen before. The connector detects duplicate messages by remembering Message Ids that have been received within the number of minutes specified in Duplicate Message Interval.

    Continue: the connector processes the duplicate file like any other file
    Ignore: the connector silently ignores (discards) the inbound file
    Failure: the connector raises an error and does not process the file
  • Duplication Interval The number of minutes that a message with the same Message Id is considered a duplicate. If you set this to 0, the Message Ids are stored until the server is restarted.
  • Encryption Algorithm Which encryption algorithm to use if you require message encryption.
  • Pull URL The URL endpoint to which pull requests should be sent. Only required if it is different from the Partner URL.
  • Receipt URL The URL endpoint to which receipts should be sent. Only required if it is different from the Partner URL.
  • Security Token Format Which format to use for security tokens (certificate references).
  • Signature Algorithm The algorithm to use when signing outgoing messages. The same algorithm is requested for the corresponding receipts.
  • Processing Delay The amount of time (in seconds) by which the processing of files placed in the Input folder is delayed. This is a legacy setting. Best practice is to use a File connector to manage local file systems instead of this setting.
  • TLS Enabled Protocols The list of TLS/SSL protocols supported when establishing outgoing connections. Best practice is to only use TLS protocols. Some obsolete operating systems do not support TLS 1.2.

Proxy Settings

These are a collection of settings that identify and authenticate to the proxy through which the AS4 connection should be routed. By default, this section uses the global settings on the Settings Page. Clear the checkbox to supply settings specific to your connector.

  • Proxy Type The protocol used by a proxy-based firewall.
  • Proxy Host The name or IP address of a proxy-based firewall.
  • Proxy Port The TCP port for a proxy-based firewall.
  • Proxy User The user name to use to authenticate with a proxy-based firewall.
  • Proxy Password A password used to authenticate to a proxy-based firewall.
  • Authentication Scheme Leave the default None or choose from one of the following authentication schemes: Basic, Digest, Proprietary, or NTLM.

Message

Message settings determine how the connector searches for messages and manages them after processing. You can save messages to your Sent folder or you can group them based on a Sent folder scheme, as described below.

  • Save to Sent Folder Check this to copy files processed by the connector to the Sent folder for the connector.
  • Sent Folder Scheme Instructs the connector to group files in the Sent folder according to the selected interval. For example, the Weekly option instructs the connector to create a new subfolder each week and store all sent files for the week in that folder. The blank setting instructs the connector to save all files directly in the Sent folder. For connectors that process many transactions, using subfolders can help keep files organized and improve performance.

Logging

Settings that govern the creation and storage of logs.

  • Log Level The verbosity of logs generated by the connector. When you request support, set this to Debug.
  • Log Subfolder Scheme Instructs the connector to group files in the Logs folder according to the selected interval. For example, the Weekly option instructs the connector to create a new subfolder each week and store all logs for the week in that folder. The blank setting tells the connector to save all logs directly in the Logs folder. For connectors that process many transactions, using subfolders helps keep logs organized and improves performance.
  • Log Messages Check this to have the log entry for a processed file include a copy of the file itself. If you disable this, you might not be able to download a copy of the file from the Input or Output tabs.

Miscellaneous

Miscellaneous settings are for specific use cases.

  • Other Settings Enables you to configure hidden connector settings in a semicolon-separated list (for example, setting1=value1;setting2=value2). Normal connector use cases and functionality should not require the use of these settings.

Personal Profile Configuration

Your AS4 profile contains key pieces of information that are used to identify you with trading partners. It is configured on the AS4 tab of the Profiles page.

To get started, specify the following information:

Party Identifier

Similar to an email address in an email exchange, this identifies the partner in an AS4 transmission.

Set Party Identifier to a value that meaningfully identifies you or your organization. The value set here is sent in the headers of AS4 transmissions initiated by Arc.

The Party Identifier is one piece of information exchanged with trading partners when sharing profile information. Trading partners should use this value in their AS4 system so that they can process requests coming from that identifier.

Personal Certificate

The private key certificate is used to sign outgoing messages and to decrypt incoming messages. The AS4 profile uses a private key certificate in PKCS#12 format (a .pfx or .p12 file).

  • Click Upload Certificate in the Private Certificate dropdown to select an existing certificate from disk.
  • Click Create Certificate to create a new self-signed certificate. This creates a new private key certificate and a public key certificate (.cer file) with the same name.

Receiving URL

This is generated based on the Base URL in Settings > Advanced and the default Arc listening endpoint.

Share this value with trading partners so that they can successfully send AS4 messages to Arc.

Partner Setup

Trading partners are responsible for providing specific settings required to connect to their AS4 endpoints. Each AS4 connector must be configured for a single trading partner relationship.

The following AS4 configuration options are required:

Other elements of AS4 configuration are optional and subject to agreement between trading partners ahead-of-time. Communicate clearly with trading partners to establish which fields are necessary to communicate successfully with the specific partner.

Party Identifier

The trading partner provides their Party Identifier, which is the part of their profile that is used to identify their organization in an AS4 transmission. The identifier is used in the header of outgoing requests to indicate the intended recipient.

Note: This value is case sensitive, so when configuring new trading partners, make sure the capitalization is correct.

Partner URL

The Partner URL is the public endpoint where the trading partner’s AS4 system listens for incoming messages. After receiving a URL from the trading partner, test the URL with a web browser to detect any networking or connectivity issues.

In some cases, the trading partner might provide more than one URL if they use separate URLs for pushing AS4 transmissions, pulling AS4 transmissions, and returning asynchronous receipts. Configure additional URLs on the Advanced tab under Pull URL and Receipt URL.

Trading Partner Certificates

Each AS4 connector must be configured with the public key certificate(s) for the target trading partner. The trading partner provides the certificates necessary to encrypt and verify AS4 messages exchanged with them. Arc accepts X.509 public key certificates (files with .cer, .der, or .pem extensions).

Typically the trading partner provides a single certificate, which should be configured in the Encryption Certificate field.

If the trading partner provides multiple certificates, they must clarify the purpose of each certificate. If the partner provides a full certificate chain (as acquired from a commercial certificate authority), only the leaf certificate needs to be configured (the last certificate in the chain). Sometimes, a separate public key certificate might be required to verify the partner’s digital signatures. In this case, set the signature verification certificate on the Settings tab > Trading Partner Certificates > Verification Certificate.

If the trading partner requires TLS/SSL connections, they can provide you with the public key certificate for their TLS server. This should be set under TLS Server Certificate. Alternatively, you can set this field to Any Certificate to implicitly trust the identity of the target TLS server.

Use Receipt

Requesting a receipt ensures non-repudiation of the AS4 message; in other words, the successful delivery of the message cannot be disputed. For this reason, we strongly recomment enabling the Use Receipt field. Be sure to agree on the use of receipts with the trading partner ahead-of-time.

By default, receipts are delivered synchronously, meaning that they are returned as a direct response to the AS4 message. Asynchronous receipts are delivered later in a separate connection. Synchronous receipts are recommended unless the size of the AS4 messages is very large, in which case processing and delivering a synchronous receipt might strain the connection timeout duration.

Service and Service Action

Service, Service Action, and other business agreement details should be communicated with the trading partner. These values help define the business logic associated with the AS4 messages exchanged and how each party should interpret the messages.

Import from SMP

If the trading partner has a Service Metadata Publisher (SMP) profile, these settings can be imported by clicking the Import from SMP button in Settings tab > Trading Partner Info. The resulting prompt requires the SML Domain, Participant Id and Scheme, and Document Id and Scheme from which to obtain the SMP profile. The connector settings are automatically populated with the values read from the SMP profile.

Send and Receive Files

After the AS4 profile and partner-specific AS4 connectors have been configured, files can be securely sent and received.

Send Files

In an AS4 connector, the Input tab displays the files that should be sent to the target trading partner. If Send Automation is enabled on the Automation tab, files that reach the connector Input tab are automatically enveloped and sent. Access the log files for all transmissions by expanding the row associated with the transmitted file.

The Create Test Files button lets you generate a simple series of test files to send to the trading partner.

Resend and Retry

An AS4 Resend is triggered when the trading partner is expected to return an asynchronous receipt, but fails to do so within the Resend Interval duration (60 minutes by default). The application then attempts to resend the transmission. The application continues resending the message until a receipt is received or the Max Attempts (async) is exhausted.

A Retry is triggered when the HTTP response from the trading partner indicates that the server has not received the transmission (the response is not a positive 200 OK status). This can indicate a networking or connectivity issue, which is often transient. The application retries the transmission every Retry Interval minutes until the transmission is received or the Max Attempts is exhausted.

Receive Files

In an AS4 connector, the Output tab displays the files that have been received by the application and routed to the connector (based on the AS4 identifiers present in the incoming AS4 message). Expand each file row to display a list of available logs for the transmission.

These files are available on the connector Output tab. If the connector is connected to other connectors in the flow, files are automatically moved from the Output tab of the AS4 connector to the Input tab of the next connector in the flow.

Macros

Using macros in file naming strategies can enhance organizational efficiency and contextual understanding of data. By incorporating macros into filenames, you can dynamically include relevant information such as identifiers, timestamps, and header information, providing valuable context to each file. This helps ensure that filenames reflect details important to your organization.

CData Arc supports these macros, which all use the following syntax: %Macro%.

Macro Description
ConnectorID Evaluates to the ConnectorID of the connector.
Ext Evaluates to the file extension of the file currently being processed by the connector.
Filename Evaluates to the filename (extension included) of the file currently being processed by the connector.
FilenameNoExt Evaluates to the filename (without the extension) of the file currently being processed by the connector.
MessageId Evaluates to the MessageId of the message being output by the connector.
RegexFilename:pattern Applies a RegEx pattern to the filename of the file currently being processed by the connector.
Header:headername Evaluates to the value of a targeted header (headername) on the current message being processed by the connector.
LongDate Evaluates to the current datetime of the system in long-handed format (for example, Wednesday, January 24, 2024).
ShortDate Evaluates to the current datetime of the system in a yyyy-MM-dd format (for example, 2024-01-24).
DateFormat:format Evaluates to the current datetime of the system in the specified format (format). See Sample Date Formats for the available datetime formats
Vault:vaultitem Evaluates to the value of the specified vault item.
AS4MessageId Evaluates to the MessageId of the AS4 message being received by the connector.
ConversationId Evaluates to the ConversationId of the the AS4 message being received by the connector.
SenderRole Evaluates to the SenderRole of the the AS4 message being received by the connector.
ReceiverRole Evaluates to the ReceiverRole of the the AS4 message being received by the connector.
Service Evaluates to the Service of the the AS4 message being received by the connector.
Action Evaluates to the Service Action of the the AS4 message being received by the connector.

Examples

Some macros, such as %Ext% and %ShortDate%, do not require an argument, but others do. All macros that take an argument use the following syntax: %Macro:argument%

Here are some examples of the macros that take an argument:

  • %Header:headername%: Where headername is the name of a header on a message.
  • %Header:mycustomheader% resolves to the value of the mycustomheader header set on the input message.
  • %Header:ponum% resolves to the value of the ponum header set on the input message.
  • %RegexFilename:pattern%: Where pattern is a regex pattern. For example, %RegexFilename:^([\w][A-Za-z]+)% matches and resolves to the first word in the filename and is case insensitive (test_file.xml resolves to test).
  • %Vault:vaultitem%: Where vaultitem is the name of an item in the vault. For example, %Vault:companyname% resolves to the value of the companyname item stored in the vault.
  • %DateFormat:format%: Where format is an accepted date format (see Sample Date Formats for details). For example, %DateFormat:yyyy-MM-dd-HH-mm-ss-fff% resolves to the date and timestamp on the file.

You can also create more sophisticated macros, as shown in the following examples:

  • Combining multiple macros in one filename: %DateFormat:yyyy-MM-dd-HH-mm-ss-fff%%EXT%
  • Including text outside of the macro: MyFile_%DateFormat:yyyy-MM-dd-HH-mm-ss-fff%
  • Including text within the macro: %DateFormat:'DateProcessed-'yyyy-MM-dd_'TimeProcessed-'HH-mm-ss%