Managing AS2 trading partners
In order to send or receive AS2 messages, you must first create an AS2 trading partner. See Trading Partners for a description of what a trading partner is.
The AS2 trading partner must have a To ID value (see Message section below) that is equal to the incoming AS2-From header for the incoming AS2 message. This ensures that the trading partner is a known and trusted connection. When receiving an AS2 message MFT Server will iterate through available AS2 trading partners to identify a match. If no matching trading partner is found then the AS2 message will be rejected.
See the image below for an example AS2 trading partner. In this example the trading partner is another instance of MFT Server. AS2 messages may be sent manually from YourDomain > EDI > AS2 Messages
module or automatically in response to server events using the AUTOMATION > Triggers
module and related actions.
Creating an AS2 Trading Partner
In YourDomain > AUTOMATION > Trading partner
, click on the Add
button. The Add Trading Partner
dialog will appear. From the dropdown Protocol list, select AS2
, then click OK
. The Add "AS2" Trading Partner
dialog window will appear, as depicted in the image below.
Basic
Name - The unique name to assign to this trading partner.
Company - The name of the company that this trading partner represents.
E-mail - The primary email address for this trading partner. This field should be entered if you wish to use the Emailing trading partners feature.
Connection
URL - The URL of AS2 HTTP/S service.
Timeout - The timeout in seconds for establishing a connection to AS2 service.
Username - The optional username to use when logging into the AS2 service. Credentials will be submitted using HTTP basic authentication. Note: When connecting to an instance of MFT Server running the AS2 service, you must provide credentials with username in the form of username@domain unless the Bind unauthenticated transfers to domain <domain name> under user <user name>
option is checked in Settings > MISCELLANEOUS > Web > AS2
for which no credentials are required.
Password - The optional password to use when logging into AS2 service.
Proxy
Proxy Type - The type of proxy service (e.g. HTTP). Select a Proxy Type from the dropdown list, if one is configured.
-
Proxy Host - The hostname or IP address of the proxy service.
-
Proxy Port - The port number of the proxy service.
-
Username - The username used when logging in to the proxy service.
-
Password - The password used when logging in to the proxy service.
SSL
Host Key - If checked, this is the host key used when validating the HTTPS certificate of server. The field's dropdown list allows you to select a Host Key
that is managed by the Key Manager (See Key Management).
Client Key - Select the client key type to use when authenticating with HTTPS server.
-
Use one-time key - If selected, a one-time key is used for authentication.
-
User server key - If selected, an existing server key, managed by the Key Manager, is used for authentication.
-
Use key file - If selected, a file-based key is used for authentication.
-
Key file password - If Use key file is selected, this is the optional client key password to be used for the connection
-
Message
From ID - This can be any alpha-numeric value (no spaces) that uniquely identifies where the AS2 message is coming from. The value entered into this field will constitute the AS2-From header of all outgoing messages sent to this trading partner.
To ID - This can be any alpha-numeric value (no spaces) that uniquely identifies where the AS2 message is being sent to.
From address - An optional email address that will accompany outgoing AS2 messages and may be used by the recipient.
Receipt - The method of MDN receipt. Both synchronous and asynchronous modes are supported.
In synchronous mode MFT Server will send the AS2 message and read the MDN receipt in a single connection.
In asynchronous mode MFT Server will send the AS2 message along with instructions to the recipient on where to send the MDN receipt once the AS2 message is processed. Asynchronous MDN receipts are sent to MFT Server over HTTP/S via the URL http(s)://[host]:[port]/as2/receipts
where [host] and [port] are the IP address and port that the MFT Server AS2 service is listening on.
Note, when using asynchronous mode it is important that the IP address that your AS2 service is listening on is publicly available. For example, if you are using the special address 0.0.0.0
or an internal NAT address then you will need to instruct MFT Server to use a different address when sending out asynchronous MDN URL, otherwise the recipient may not be able to post the MDN receipt. This can be achieved in Settings > MISCELLANEOUS > Web > Web > Server name
, setting this value to the public IP address or hostname of your MFT Server instance.
Prefer HTTPS receipt delivery URL - If checked (default) then the URL provided for asynchronous MDN receipts will use HTTPS service if available.
Receipt signature required - If checked then recipient must respond with an MDN receipt.
Receipt timeout - The timeout for receiving an MDN receipt. This applies to synchronous mode only.
Encryption key - If checked, this is the public key/certificate to use for encrypting AS2 messages. This is sourced from Host Keys tab in Key Manager.
Encryption algorithm - The encryption algorithm used for encrypting AS2 messages.
Signing key - If checked, this is the private key to use for signing AS2 messages. This is sourced from Server Keys tab in Key Manager.
Signature algorithm - The algorithm used for signing AS2 messages.
Enable compression - If checked AS2 messages will be sent compressed.
Tags
Tags - If specified, this is the one or more tags that are used to limit which administrators have access to this trading partner.