Issues sending attachments from Solman to external
Our solution is supporting sending and receiving attachments bidirectionally. It is working for Jira DC, Jira Cloud and ServiceNow.
Each solution has some specialities or restrictions:
We are currently supporting only operation “create / add”. No change and no delete operations are supported for now.
Sending to ServiceNow is currently supporting only one attachment at one time. The binary data are send here.
Sending to Jira Cloud is an own operation sending the attachment binary data. Jira Cloud is sending a URL to SAP Solution Manager targeting to the attachment file content.
Sending of attachments to Jira DC is embedded into the operations create and update. Here a content server URL is send instead of the binary data. Jira side has to fetch the binary data using a separate call. Some for the oposite direction: A file content URL is send to SAP Solution Manager. SAP Solution Manager has to fetch the binary data using a separate call.
If you are sending attachments from SAP Solution Manager to Jira DC, you might face the issue, that attachments are not received in Jira DC. This could be caused by a missconfiguration of the content server.
Context
This article gives you some hints what to check and what to do. Please note that this arcicle is relevant only for CC4 sending attachments from SAP Solution Manager to Jira DC. The other direction (Jira DC → SAP Solution Manager) is not covered since here the content server URL generation is not needed. Same for Jira Cloud and ServiceNow. Either SAP Solution Manager is fetching binary data from external or SAP Solution Manager is sending/receiving binary data.
SAP Notes
Please read and proceed following sap notes ehlping you to analyze and configure the content server:
3448453 - Configuring Content Repository of type 'SAP Database' - SAP for Me
2827260 - Configuration steps for /sap/bc/contentserver service - SAP for Me
Endpoint Configuration
Here you are activating the SICF node which will be called from outside. You are forcing HTTPS if requested. You are setting up a service user which is getting used for content server activities. The caller from outside does not need any logon credentials. However the caller will need a valid URL, valid parameters, valid token.
Please call SICF → Hierarchy Type “Services” → Service path “/default_host/sap/bc/contentserver”
Is this node active? Same for all nodes in the hierarchy above (/sap/bc, /sap)?
Is the correct user name and the correct password configured at “Logon Data”? Does the user have proper authorities? (try SAP_ALL + SAP_NEW temporary)
Is SSL (https) activated or Standard (http)? What do you want?
Please also check in SIFC whether there is a external alias /sap/bc/contentserver defined which might shadow the real sicf node. If this is the case please delete it or please ensure that the settings (username, password, Security) are the same.
Content Server Administration
Here you are administrating the content server. You are choosing the proper interface version. You are forcing HTTPS if requested.
Please call transaction OAC0, select repository CRMORDER.
Is version 47 used instead of 46 or below?
Is HTTPS chosen on frontend and backend side if you want to use HTTPS instead of HTTP?
If you cannot find any customizing fields for choosing HTTPS and if you face the issue that always a HTTP URL is getting generated, you have to proceed following steps:
Goto OAC0 and select CRMORDER repository.
Switch to ‘Edit’ mode.
Insert ‘%HTTPS’ in the command line and press ‘Enter’.
The fields ‘HTTPS on frontend’ and ‘HTTPS on backend’ are now visible. Switch the field value for both fields to ‘HTTPS required’ and save the settings.
Please call transaction OAC0, select repository CRMORDER and go to menu “Environment → CS Admin”.
Alternatively call CSADMIN directly and select the repository there.
Open details once for http (unsecure connection) and once for https (secure connection).
Please check and adjust the settings there:
Is the customizing consistent (green icon next to repository name)?
Is the content server running (status running)?
Are host and port correctly mentioned (compare with SMICM → Goto → Services)?
Is there any error message displayed as popup or in status bar on entering the settings?
URL Localization (Redirection)
Please goto SE16 → HTTPURLLOC and check there:
Is there a pattern for /sap/bc/contentserver or /sap/bc/ or /sap/?
Is HTTP or HTTPS configured? Does it match to the configuration done in SICF?
Is there a switching to another host and port configured? Are these values valid to be used from external?
DNS Services & Firewall & Middleware
Please be aware that the URL generated using SCIF, external aliases and HTTPURLLOC might be available only inside your network either because only the intranet DNS service is able to resolve the host name or because the firewall is blocking the calls to the host or port.
Therefore you might face the issue, that all your internal checks and testings where passed successfully but it is still not working. Jira DC is still not able to fetch the binary data.
Therefore you have either to switch to another host known by the internet or to use an ip adress instead of an host name. This switching can be done using HTTPURLLOC.
Additionally you have to setup your firewall to allow calls from Jira DC.
Alternatively (and proposed by us!) is to use a proxy (e.g. a middleware), for instances SAP BTP CPI or SAP BTP API Management. Here another URL is exposted to the internet. You have to configure HTTPURLLOC accordingly to ensure that the correct URL is getting generated.
Jira Side
For instances you have to register/upload the certificate of SAP Solution Manager (or your proxy/middleware) to Jira. Only then Jira is able to perform https calls to the SAP Solution Manager or proxy/middleware endpoint. By the way: Same for the oposite direction. You have to upload the Jira certificate to SAP Solution Manager STRUST transactions certificate store.
CC4 Jira is logging warnings and errors. To get access to the logs you have to install the “lastlog” app.
Last Log for Jira | Atlassian Marketplace
Testing
Try reports RSCMST, RSCMSTHS and RSCMSTH0 (with repository CRMORDER).
Test the SICF service “/sap/bc/contentserver” in SICF.
Call URL “<protocol><host>:<port>/sap/bc/contentserver/ContentServer.dll?serverInfo&pVersion=0047” in your internet browser. Try it with http and with https.
Activate full logging in your CC4 configuration profile. Perform an attachment sending from SAP Solution Manager to Jira DC. Have a look at the text log of the ticket in SAP Solution Manager. Is the payload logged there? Is the attachment (attribute ISATTACHSET) incuded? Which URL got sent to Jira? What happens if you are entering this URL in your internet browser? (It should download the file!)
Debugging & Tracing
You can try activate and using the trace in SMICM. Maybe you will detect an certificate issue or something else.
Also you can try debugging CL_HTTP_EXT_CSIF->IF_HTTP_EXTENSION~HANDLE_REQUEST. Set a external breakpoint at the beginning of this method for the content server user specified in SICF. This breakpoint will become active as soon as Jira DC (or you or somebody) is trying to fetch the binary data but only if the call is reaching the SAP Solution Manager.
Please also set a breakpoint at /XALM/CC4_CL_EXT_INT_UPD_OUT->READ_ATTACHMENTS. Set a external breakpoint at the beginning of this method for the end-user executing the ticket change in SAP Solution Manager. This breakpoint will become active as soon SAP Solution Manager tries to collect attachment data to be sent to Jira DC. Here you can analyze which URL is getting determined/generated.
By the way: /XALM/CL_CC4_INTEG_CREATE_INB->GET_ATTACHMENTS is getting used to fetch the binary data from outside using a URL received before. This is used for the opisite feature not relevant for this article except we are using a SAP SOlution Manager to SAP Solution Manager communication.
It is always a good idea to check SU53/SAUTHTRACE, ST22, SLG1.
Of course you should also check the Cross Connector Log and the text log of your SAP Solution Manager ticket where you started/executed the synchronization.
Good luck!
Outlook
In future we will send binary data to Jira DC to avoid this binary data fetch call. Maybe we will provide both options.
Pro:
The configuration described in this article is not needed.
The synchronization is faster because there is no back call needed.
The firewall setting is easier because Jira does not need to fetch data from SAP Solution Manager.
Contra:
The payload will be much bigger. For very big attachments it might happen, that the payload will be rejected by Jira because of some http/rest server settings.