Communication Scenario 467:
Printing – Notification Integration¶
Literature - SAP documentation
Refer to SAP_COM_0467 for further information.
The communication scenario 467 extends the communication scenario 466 by adding a notification route to the seal-cpm-checkin service. The notification route is used by the SAP system to notify PLOSSYS Output Engine about jobs to print.
Notification Route¶
The general URL of the notification route is:
https://<oms_host>:<oms_port>/v1/jobs/notification
<oms_host> and <oms_port> are host and port of the seal-cpm-checkin service.
For the notification route to work correctly and secure, the following service keys need to be configured:
-
TLS_EXTERNAL_DIR: Directory with TLS certificates and keys used for TLS encryption and authentication -
USE_HTTP: Optional, if set totrue, theseal-cpm-checkinservice will only use HTTP for communication with the SAP system. This is useful for cloud environments that handle traffic via load balancers and nginx controllers. Default isfalse.
Authentication¶
AUTH_TYPE: The authentication type to use for the notification route, possible values arenone,basic,certandoidc, default isnone. Depending on the authentication type, different environment keys are required.
Caution - AUTH_TYPE none and basic
The AUTH_TYPE none is dangerous, because it allows any user to access the notification route without authentication. Do not expose the seal-cpm-checkin service to the internet if you use this authentication type.
basic authentication is risky because credentials are sent with every request. Use it only over HTTPS/TLS and only if no better option exists. Prefer mordern auth (oidc or cert) for production.
Certificate Authentication¶
Requirements:
AUTH_TYPEist set tocert- For
AUTH_TYPEcertto work theTLS_EXTERNAL_DIRdirectory may need to contain the certification authority certificateca.pem.
When using authentication via certificates, the following environment keys are relevant:
-
AUTH_ISSUER_URL: URL of the OIDC identity provider, used for OIDC authentication -
AUTH_PROXY: Optional URL of a proxy for accessing the OIDC identity provider. -
ID_PROVIDER_NAME: List of identity provider names, used for OIDC authentication. -
TRUSTED_CLIENT: Expected name of the OIDC client, used for OIDC authentication.
Basic Authentication¶
Requirements:
AUTH_TYPEist set tobasic
When using basic authentication, the following environment keys are available.
-
HTPASSWD_FILE: File with user/password combinations for basic authentication. -
HTPASSWD: Single user/password combinations for basic authentication, has priority overHTPASSWD_FILE.