Skip to content

Communication Scenario 467:
Printing – Notification Integration


Literature - SAP documentation

Refer to SAP_COM_0467 for further information.

The communication scenario 467 extends the communication scenario 466 by adding a notification route to the seal-cpm-checkin service. The notification route is used by the SAP system to notify PLOSSYS Output Engine about jobs to print.

Notification Route

The general URL of the notification route is:

https://<oms_host>:<oms_port>/v1/jobs/notification

<oms_host> and <oms_port> are host and port of the seal-cpm-checkin service.

For the notification route to work correctly and secure, the following service keys need to be configured:

  • TLS_EXTERNAL_DIR: Directory with TLS certificates and keys used for TLS encryption and authentication

  • USE_HTTP: Optional, if set to true, the seal-cpm-checkin service will only use HTTP for communication with the SAP system. This is useful for cloud environments that handle traffic via load balancers and nginx controllers. Default is false.


Authentication

  • AUTH_TYPE: The authentication type to use for the notification route, possible values are none, basic, cert and oidc, default is none. Depending on the authentication type, different environment keys are required.

Caution - AUTH_TYPE none and basic

The AUTH_TYPE none is dangerous, because it allows any user to access the notification route without authentication. Do not expose the seal-cpm-checkin service to the internet if you use this authentication type.

basic authentication is risky because credentials are sent with every request. Use it only over HTTPS/TLS and only if no better option exists. Prefer mordern auth (oidc or cert) for production.

Certificate Authentication

Requirements:

  • AUTH_TYPE ist set to cert
  • For AUTH_TYPE cert to work the TLS_EXTERNAL_DIR directory may need to contain the certification authority certificate ca.pem.

When using authentication via certificates, the following environment keys are relevant:

  • AUTH_ISSUER_URL: URL of the OIDC identity provider, used for OIDC authentication

  • AUTH_PROXY: Optional URL of a proxy for accessing the OIDC identity provider.

  • ID_PROVIDER_NAME: List of identity provider names, used for OIDC authentication.

  • TRUSTED_CLIENT: Expected name of the OIDC client, used for OIDC authentication.

Basic Authentication

Requirements:

When using basic authentication, the following environment keys are available.

  • HTPASSWD_FILE: File with user/password combinations for basic authentication.

  • HTPASSWD: Single user/password combinations for basic authentication, has priority over HTPASSWD_FILE.


Back to top