
Configuring AS2 Party Properties

BizTalk Server uses AS2 party properties to process incoming and outgoing EDIINT/AS2-encoded messages over HTTP/HTTPS transport. These properties are used as follows:

| Page | Effect on behavior at home-organization BizTalk Server | Effect on behavior at trading-partner BizTalk Server |
|---|---|---|
| General | Performed on all messages, both incoming and outgoing | Performed on all messages, both incoming and outgoing |
| Party as AS2 Message Sender | Performed on incoming AS2 messages and outgoing MDNs | Performed on outgoing AS2 messages and incoming MDNs |
| Party as AS2 Message Receiver | Performed on outgoing AS2 messages and incoming MDNs | Performed on incoming AS2 messages and outgoing MDNs |
| Certificate (Note: Available only if you have BizTalk Server 2006 R2 SP1 installed.) | Performed on all signed outgoing AS2 messages and MDNs | - |

For information in tabular format about each AS2 property as set in the AS2 Properties dialog box, see AS2 Properties UI Help.

The following are prerequisites for performing the procedure in this topic:

  • You must be logged on as a member of the BizTalk Server Administrators group.

  1. Right-click the Parties node in the BizTalk Server 2006 Administration Console, point to New, and then click Party.

  2. Name the party.

  3. In the alias list, select EDIINT-AS2 From for Name, leave AS2-From for Qualifier, and then enter the name of the party for Value.

    Note
    An entry for AS2-From is required in the alias list of the party's general properties because BizTalk Server matches this value to the AS2-From header in the incoming message to perform party resolution on the receive side. For more information, see Party Resolution for Incoming AS2 Messages.

  4. If you will be using the send port associated with the party to determine the party to send the message to, click Send Ports in the console tree. Enter the name of any send port that will send messages to the party, and the URI for that send port. For example, if you are returning an asynchronous MDN and an acknowledgment to a party that sent you an AS2 message, you must enter that send port in this Send Ports page.

    Note
    BizTalk Server can determine the party to send the message to by matching the send port that subscribes to the message with the send port associated with a party. It can also do so using context properties. For more information, see Party Resolution for Outgoing AS2 Messages.

  5. To provide signature verification for incoming AS2 messages bound for the party, click Certificate in the console tree. Enter a common name and thumbprint for the certificate to be used to resolve and validate the identity of the party that signed an AS2 message received by BizTalk Server.

    Note
    For more information on certificates used with AS2 messages, see AS2 Security. You may need to install and define certificates for outbound signing, inbound signature verification, outbound encryption, and inbound decryption.

  6. Click Apply to accept the properties and then continue the configuration, or OK to complete the configuration setting.

  1. Right-click the party in the Parties pane of the BizTalk Server 2006 Administration Console.

  2. In the General pane of the AS2 Properties dialog box, click Activate AS2 Reporting to display status entries for all AS2 messages (incoming and outgoing) in the AS2 Message and Correlated MDN Status tab of the Group Overview pane. If cleared, no status entries will be displayed.

  3. Click Check Certification Revocation List to determine whether the certificate to be used in signing either incoming or outgoing messages has been included in the Certification Revocation List, indicating that it has been revoked, or whether the expiration date has passed. If so, BizTalk Server will not decrypt the message, but will suspend it. If this property is cleared, BizTalk Server will not perform this check.

    Note
    There is a latency involved with retrieving and searching the certificate revocation list.

  4. Click Ignore SSL Certificate Name mismatch to accept the SSL connection even if the server name does not match the server name that the SSL certificate was generated for.

  5. Click HTTP expect 100 continue to set the HTTP Expect header to 100-continue, which specifies that the posted data is not included in the initial HTTP request; instead, the client waits for the server to request the content.

  6. Click Keep HTTP connection alive to request that an HTTP connection be kept alive after a request and response cycle has been completed.

  7. Click Unfold HTTP headers to unfold the HTTP content-type header into a single line.

  8. Enter information about the agreement with a party in the Text 1, Text 2, and Agreement text boxes. This data is for information purposes only; it will not be used by the BizTalk Runtime.

  9. Click Apply to accept the properties and then continue the configuration on another page, or OK to complete the configuration setting. Either action will validate the settings.

  1. Select Party as AS2 Message Sender in the console tree of the AS2 Properties dialog box.

  2. In the Party as AS2 Message Sender pane of the AS2 Properties dialog box, check the Override inbound message properties property to have the home-organization BizTalk Server validate the digital signature, compression, and encryption of the incoming message, and generate an MDN, based upon the settings on this page for the party. If you leave this property cleared, BizTalk Server will use the entries in the AS2 header instead of the party properties to determine this processing. For a list of AS2 headers, see AS2 Messages.

  3. In the General area, select which messages you want to store in the non-repudiation database at the home organization: inbound AS2 messages (decoded or not decoded) or outbound MDN messages.

    Note
    To guarantee non-repudiation of receipt, you must establish the authentication and integrity of the message. The recommended way of doing so is by using a digital signature on the message. As a result, if you select any of the above properties to store messages or MDNs in the non-repudiation database, you should sign the message by selecting the Message should be signed property or the Sign MDN property.

    Note
    To store either the inbound AS2 message or outbound MDN in the non-repudiation database, you need to activate AS2 reporting in the General page of the AS2 Properties dialog box. The Partner Agreement Manager will select the Activate AS2 Reporting property when you select a property storing a message or MDN in the NRR database.

  4. If you checked the Override inbound message properties property in the Incoming AS2 Message area, click Message should be signed to ensure that the inbound message is signed; click Message should be compressed to ensure that the inbound message is compressed; and click Message should be encrypted to ensure that the inbound message is encrypted.

    Note
    Only if the appropriate property is set will the AS2 receive pipeline at the home organization verify the digital signature, decompress the message, or decrypt the message. If the Override inbound message properties property is selected and the message has different transport properties for signing, compression, and encryption than those selected on the party properties, then the AS2 Decoder will suspend the message and post an error.

  5. If you checked the Override inbound message properties property, click Generate MDN to have the AS2 receive pipeline at the home organization generate an MDN acknowledgment for each AS2 message received. If you check this property, you need to click Sign MDN to indicate that the receive pipeline should sign the MDN, and you need to click Transmit MDN Asynchronously to indicate that it should return the MDN via a separate send pipeline (asynchronously). Otherwise, the MDN will be returned via the send pipeline of a two-way receive location (synchronously).

    Note
    If the Override inbound message properties and Generate MDN properties are selected, the MDN generation and transmission behavior proposed by the message are ignored and the party properties are used. The message properties and the party properties are not compared, as is done with the signing, compression, and encryption properties (see step 4).

  6. If you checked Transmit MDN asynchronously, you must enter the URL (with Destination parameter, if applicable) that the home-organization BizTalk Server should send the MDN to in the Receipt-Delivery-Option (URL) text box. This value will be used by the separate send port.

  7. If you did not check the Override inbound message properties property, you can choose to have the home-organization BizTalk Server sign the MDN if generation of the MDN is enabled by the Disposition-Notification-to AS2 header, but the Disposition-Notification-Option header does not enable signing. This can occur if Disposition-Notification-Option either is not set or is set to optional. Do so by clicking Sign requested MDN if Disposition-Notification-Option header is not preset or has signing set to optional.

  8. You can enter text in the MDN Text field to have the home-organization BizTalk Server add it to the MDN message (under the Content-Description field), whether the MDN was generated based upon the AS2 headers or the party properties.

  9. Click Apply to accept the properties and then continue the configuration on another page, or OK to complete the configuration setting. Either action will validate the settings.
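The inbound rules in steps 2 through 7 above, written out as a small Python model. This is an added illustration, not BizTalk Server code: `Party`, `signing_importance` and `plan_inbound` are hypothetical names, the sample headers are constructed, and the header spellings `Disposition-Notification-Options` and `Receipt-Delivery-Option` follow RFC 4130. Treating a header-supplied Receipt-Delivery-Option as the asynchronous return address is an assumption taken from RFC 4130, not something this page states.

```python
from dataclasses import dataclass

@dataclass
class Party:                        # hypothetical stand-in for the party's AS2 properties
    override_inbound: bool = False  # Override inbound message properties
    signed: bool = False            # Message should be signed
    compressed: bool = False        # Message should be compressed
    encrypted: bool = False         # Message should be encrypted
    generate_mdn: bool = False      # Generate MDN
    sign_mdn: bool = False          # Sign MDN
    async_mdn: bool = False         # Transmit MDN Asynchronously
    receipt_url: str = ""           # Receipt-Delivery-Option (URL)
    sign_if_optional: bool = False  # Sign requested MDN if header absent/optional

def signing_importance(options: str) -> str:
    """Return 'required', 'optional' or 'absent' for signed-receipt-protocol."""
    for param in options.split(";"):
        name, _, value = param.partition("=")
        if name.strip().lower() == "signed-receipt-protocol":
            first = value.split(",")[0].strip().lower()
            return "required" if first == "required" else "optional"
    return "absent"

def plan_inbound(headers: dict, observed: dict, party: Party) -> dict:
    """observed: what the decoder saw, e.g. {'signed': True, 'encrypted': False}."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    if party.override_inbound:      # step 4 note: a mismatch suspends the message
        wanted = {"signed": party.signed, "compressed": party.compressed,
                  "encrypted": party.encrypted}
        bad = sorted(k for k, v in wanted.items() if observed.get(k, False) != v)
        if bad:
            return {"action": "suspend", "mismatch": bad}
        # Step 5 note: MDN behaviour proposed by the headers is ignored.
        if not party.generate_mdn:
            return {"action": "process", "mdn": False}
        return {"action": "process", "mdn": True, "sign_mdn": party.sign_mdn,
                "mdn_url": party.receipt_url if party.async_mdn else None}
    if "disposition-notification-to" not in h:   # no override: headers decide
        return {"action": "process", "mdn": False}
    importance = signing_importance(h.get("disposition-notification-options", ""))
    sign = importance == "required" or party.sign_if_optional   # step 7
    return {"action": "process", "mdn": True, "sign_mdn": sign,
            "mdn_url": h.get("receipt-delivery-option")}  # None means synchronous

# Constructed sample headers (not captured traffic).
SAMPLE = {"AS2-From": "PartnerA", "AS2-To": "HomeOrg",
          "Disposition-Notification-To": "mdn@partner.example",
          "Disposition-Notification-Options":
              "signed-receipt-protocol=optional, pkcs7-signature"}
```

With `SAMPLE` and a default `Party()`, the model returns an unsigned synchronous MDN; setting `sign_if_optional=True` is the only change needed to have it signed.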

  1. Select Party as AS2 Message Receiver in the console tree of the AS2 Properties dialog box.

  2. In the General area, select which outbound AS2 or inbound MDN messages you want to store in the non-repudiation database at the home organization. You can store encoded or decoded outbound AS2 messages. You can also store inbound MDN messages.

    Note
    To guarantee non-repudiation of receipt, you must establish the authentication and integrity of the message. The recommended way of doing so is by using a digital signature on the message. As a result, if you select any of the above properties to store messages or MDNs in the non-repudiation database, you should sign the message by selecting the Message should be signed property or the Sign MDN property.

  3. Click Process inbound MDN into MessageBox for routing/delivery options to route the MDN through the AS2 Decoder as a passthrough message and then into the MessageBox. When this property is selected, BizTalk Server promotes the IsAS2MdnResponseMessage property for routing purposes.

  4. In the Outbound AS2 Message area, click Sign Message for the inbound message to be signed; Compress Message for the inbound message to be compressed; and Encrypt Message for the inbound message to be encrypted. Only if the appropriate property is set will the AS2 send pipeline at the home organization verify the digital signature, decompress the message, or decrypt the message.

  5. If you click Encrypt Message, enter the mode of encryption that the trading partner should use (DES3 or RC2).

  6. For Default content type, select the default content type that the home-organization BizTalk Server must use for an outgoing AS2 message. If the ContentType property is set in the context for a message body part, that setting is used to generate the outgoing message; otherwise, the value of this Default content type property is used.

  7. In AS2-From, enter the value that the home-organization BizTalk Server will enter into the AS2-From field of the AS2 header of the outgoing message.

  8. In AS2-To, enter the value that the home-organization BizTalk Server will enter into the AS2-To field of the AS2 header of the outgoing message.

  9. If the trading partner must generate an MDN in response to the AS2 message sent from the home organization, check Request MDN.

  10. If Request MDN is checked and the trading partner must sign the MDN, check Request signed MDN.

  11. If Request MDN is checked and the trading partner must send the MDN asynchronously, check Request asynchronous MDN and then enter the URL that the receiving party should send the MDN to in Receipt-Delivery-Option (URL).

  12. In Disposition-Notification-To, enter any value. The value of this field is not used during AS2 processing.

  13. In Signed-Receipt-MICalg, enter the MIC algorithm that the trading partner must use to sign the MDN, either MD5 or SHA1.

  14. Click Apply to accept the properties and then continue the configuration on another page, or OK to complete the configuration settings. Either action will validate the settings.

  1. Select Certificate in the console tree of the AS2 Properties dialog box.

  2. Click Override Group Signature Certificate to specify a signing certificate to use when sending signed AS2 or MDN messages.

  3. Click Browse to display the Select Certificate dialog box.

  4. In the Select Certificate dialog box, select a certificate to use when signing outbound messages, and then click OK.

  5. The certificate common name and thumbprint information is displayed in the Common Name and Thumbprint fields.

  6. Click Remove certificate to remove the certificate configuration.

  7. Click Apply to accept the properties and then continue the configuration on another page, or click OK to complete the configuration settings. Either action will validate the settings.
