When we decide to use AS2 for B2B communication, we need systems or services that understand and support AS2. Earlier, Microsoft had only BizTalk Server (on-premises), which was capable of supporting AS2; now there is a cloud service too that supports AS2, i.e. Logic Apps.
With the Enterprise Integration Pack, the features required for B2B are made available to Logic Apps: the enterprise B2B capabilities such as AS2 and EDI standards support, and a set of XML capabilities such as XML validation, XSLT transformation and flat file to XML encode/decode (all of which are already present in BizTalk Server).
Both partners need to procure a certificate and share the public certificate with each other.
Steps to enable Logic App for AS2
Add Private certificate in Key Vault
We need to store the private certificate in Key Vault and, via the Key Vault access policies, grant access to the services that will need the certificate; here that is Logic Apps.
Integration Account
With an Integration Account you get a container in which you can store the schemas, maps, partners, agreements, certificates etc. required for an integration project. You also get access to the following connectors
Note: Both your integration account and logic app must exist in the same location or region.
Add certificates in Integration Account
Click on Certificates and add Partner1 (sender)'s public certificate: give it a Name, from the Certificate Type drop-down select Public, and select the certificate by browsing to its location.
Then add Partner2 (receiver)'s private certificate: give it a Name, from the Certificate Type drop-down select Private, and from the drop-downs select the Resource Group that has the Key Vault and the Key name under which the private certificate was added in step 1.
Note: A private certificate has to be stored in Key Vault and referenced from there, whereas a public certificate can be stored locally and uploaded.
Add Partner
Click on Partners and add Partner1 (the sender) and Partner2 (the receiver/host); against Qualifier select AS2Identity and against Value enter Partner1 and Partner2 respectively.
Add Agreement
After adding the partners, the next step is to add an Agreement: give it a Name, from the Agreement Type drop-down select AS2, set Host Partner to Partner2 and Guest Partner to Partner1, and select the corresponding identity for each.
Agreement Receive Settings - here we decide how the host partner receives AS2 messages
i. Override Message Properties - If selected, the validation and MDN settings defined below in the agreement are used; otherwise the information from the message headers is used.
ii. Message should be signed - If selected, the sender partner has to sign the message with its private certificate, and the sender's public certificate has to be used at the receiver to validate the signature. Select the partner's public certificate from the drop-down.
iii. Message should be encrypted - If selected, the sender partner has to encrypt the message with the receiver's public certificate, and the receiver's private certificate has to be used at the receiver partner to decrypt it. Select the partner's private certificate from the drop-down.
iv. Message should be compressed - If selected, all incoming messages must be compressed. Non-compressed messages are rejected.
v. Disallow Message ID duplicates - Specifies whether to allow messages with duplicate IDs. If you disallow duplicate IDs, select the number of days between checks. You can also choose whether to suspend duplicates.
vi. MDN Text - Specifies the default message disposition notification (MDN) that you want sent to the message sender.
vii. Send MDN - Whether to send synchronous MDNs for received messages.
viii. Send signed MDN - Whether to send signed MDNs for received messages. If you require signing, from the MIC Algorithm list, select the algorithm to use for signing messages.
ix. Send asynchronous MDN - Whether to send MDNs asynchronously. If you select asynchronous MDNs, in the URL box, specify the URL to which the MDNs should be sent.
Agreement Send Settings - here we decide how the host partner sends AS2 messages
i. Enable message signing - Whether all outgoing messages must be digitally signed. If you require signing, select these values:
- From the Signing Algorithm list, select the algorithm to use for signing messages.
- From the Certificate list, select an existing host partner private certificate for signing messages.
ii. Enable message encryption - Whether all outgoing messages must be encrypted. If you require encryption, select these values:
- From the Encryption Algorithm list, select the guest partner public certificate algorithm to use for encrypting messages.
- From the Certificate list, select an existing guest partner public certificate for encrypting outgoing messages.
iii. Enable message compression - Whether all outgoing messages must be compressed.
iv. Unfold HTTP headers - Puts the HTTP Content-Type header onto a single line.
v. Transmit file name in MIME header - Whether to include the file name in the MIME header.
vi. Request MDN - Whether message disposition notifications (MDNs) must be received for all outgoing messages.
vii. Request signed MDN - Whether signed MDNs must be received for all outgoing messages. If you require signing, from the MIC Algorithm list, select the algorithm to use for signing messages.
viii. Request asynchronous MDN - Whether MDNs are received asynchronously. If you select asynchronous MDNs, in the URL box, specify the URL to which the MDNs should be sent.
ix. Enable NRR - Whether to require a non-repudiation receipt (NRR). This communication attribute provides evidence that the data was received as addressed.
x. SHA2 Algorithm format - Specifies the MIC algorithm format to use for signing in the headers of outgoing AS2 messages or MDNs.

Create Logic App to receive AS2 Message and send MDN back
The first step is to link the Integration Account with the Logic App: go to Settings --> Workflow Settings and select the Integration Account to
On the designer, add an HTTP Request trigger to receive the AS2 message over the HTTP endpoint.
Next, add the Decode AS2 action. Here we first need to create an AS2 connection, an API connection to the Integration Account (this is how the Encode/Decode AS2 connector gets access to the partners, agreements and certificates it needs to perform the expected operations, i.e. signing/validation/decryption/encryption/compression).
Then provide the input to Decode AS2 Message, i.e. the trigger body and headers (the headers contain the HTTP headers plus the AS2 headers carrying the AS2-specific information):
"body": "@triggerBody()",
"headers": "@triggerOutputs()['headers']",
The last step is to add a Response action to send the MDN (the same HTTP connection is used, hence it is synchronous); its input will be
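As an added example (not code from the original post), this is how the three steps above look in the Logic App's workflow definition (code view). It assumes an API connection named as2 created against the Integration Account; the /decode path and the OutgoingMdn output names follow the AS2 connector as I know it and should be checked against the code the designer generates. The connection resource ids are placeholders.

```json
{
  "definition": {
    "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
    "contentVersion": "1.0.0.0",
    "parameters": { "$connections": { "type": "Object", "defaultValue": {} } },
    "triggers": {
      "manual": {
        "type": "Request",
        "kind": "Http",
        "inputs": { "method": "POST" }
      }
    },
    "actions": {
      "Decode_AS2_message": {
        "type": "ApiConnection",
        "runAfter": {},
        "inputs": {
          "host": { "connection": { "name": "@parameters('$connections')['as2']['connectionId']" } },
          "method": "post",
          "path": "/decode",
          "body": {
            "body": "@triggerBody()",
            "headers": "@triggerOutputs()['headers']"
          }
        }
      },
      "Response": {
        "type": "Response",
        "kind": "Http",
        "runAfter": { "Decode_AS2_message": ["Succeeded"] },
        "inputs": {
          "statusCode": 200,
          "headers": "@body('Decode_AS2_message')?['OutgoingMdn']?['OutboundHeaders']",
          "body": "@base64ToString(body('Decode_AS2_message')?['OutgoingMdn']?['Content'])"
        }
      }
    },
    "outputs": {}
  },
  "parameters": {
    "$connections": {
      "value": {
        "as2": {
          "connectionId": "<PLACEHOLDER: resource id of the AS2 API connection>",
          "connectionName": "as2",
          "id": "<PLACEHOLDER: resource id of the AS2 managed API>"
        }
      }
    }
  }
}
```

Because the Response action writes the MDN back on the same HTTP exchange, this matches the synchronous MDN choice in the receive settings. The runAfter on Succeeded means a message that fails signature validation or decryption never reaches the Response action, so the sender gets an HTTP error rather than an MDN; that is the failure mode to check for when testing the agreement.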
Hi, nice interesting article