Configuring SAP Solution Manager Connector

To use the SAP Solution Manager 7.2 (SolMan) connector, you must first install Apache Tomcat and Signavio Process Manager.

Create a new database schema named solman72connector for the SAP Solution Manager 7.2 connector.

You must run the connector on a different database schema than the one you use for Signavio Process Manager.

Installing the connector

To install the SAP Solution Manager connector, you need two files: solman72.yml and configuration.xml.Both files are provided in the ZIP file that comes with the on-premises edition of Signavio Process Manager. solman72.yml is used to configure the SAP Solution Manager connector. configuration.xml is the same file as the one used to configure Signavio Process Manager.

  1. Copy solman72.yml into the Tomcat conf folder.
  2. Open the solman72.yml file, and follow the instructions and read the comments in it. The instructions tell you how to configure the SAP Solution Manager 7.2 connector.

Instructions and comments within the file start with a hastag (#). Comments always refer to the following configuration parameter, for example.:

# the shared secret for communication between Signavio Process Manager and solman72-service

    # must be the same as the <sharedJwtSecret> in configuration.xml

    sharedJwtSecret: SHARED_SECRET_CHANGE_ME
   

Configuring the connector

Configuring the connector is similar to the configuration used for Signavio Process Manager. You use Environment instead of Parameter in the code.

Open context.xml in the Tomcat conf folder, and add the following code snippet within the Context tag below the other parameters:

<Environment name="spring.config.location" 
	value="${catalina.base}/conf/solman72.yml"
	type="java.lang.String"/>

Next, open configuration.xml and add the following:

<sharedJwtSecret>SHARED_SECRET_CHANGE_ME</sharedJwtSecret>


<gatewaymappings>solman72=http://localhost:8080/solman72</gatewaymappings>

These parameters need to be configured:

  • sharedJwtSecret: Just like with the template file, this is where you set the secret. It MUST be the same in both solman72.yml and configuration.xml.
  • gatewaymappings : This is your host and port. http://localhost:8080 is the default. solman72 is the name of the directory in the Tomcat webapps folder and should not be changed.

Do not delete any parameters from the template and keep the configuration files consistent with each other.

Using Solution Administration

See the Signavio user guide for information on using the connector.

Generating the SSL certificate (optional)

This section is only relevant if you are using HTTPS with Signavio Process Manager. See the Using HTTPS section for additional information.

If you are using HTTPS, then Apache Tomcat requires an SSL certificate with multiple DNS names in order to run the connector.

  1. Create a configuration file named selfsigned.conf, and use that to generate the SSL certificate.

Below is a sample configuration file you can use as a template.

[ req ]

default_bits = 2048

default_keyfile = localhost.pem

distinguished_name = subject

req_extensions = req_ext

x509_extensions = x509_ext

string_mask = utf8only




[ subject ]

countryName = Country Name (2 letter code)

countryName_default = US


stateOrProvinceName = State or Province Name (full name)

stateOrProvinceName_default = NY


localityName = Locality Name (eg, city)

localityName_default = New York


organizationName = Organization Name (eg, company)

organizationName_default = Example, LLC


commonName = Common Name (e.g. server FQDN or YOUR name)

commonName_default = Example Company


emailAddress = Email Address

emailAddress_default = test@example.com


[ x509_ext ]

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid,issuer




basicConstraints = CA:FALSE

keyUsage = digitalSignature, keyEncipherment

subjectAltName = @alternate_names

nsComment = "OpenSSL Generated Certificate"


[ req_ext ]

subjectKeyIdentifier = hash


basicConstraints = CA:FALSE

keyUsage = digitalSignature, keyEncipherment

subjectAltName = @alternate_names

nsComment = "OpenSSL Generated Certificate"




[ alternate_names ]

DNS.1 = localhost

DNS.2 = 127.0.0.1

DNS.3 = mycompany.com

DNS.4 = signavio.mycompany.com


# Add these if you need them

# DNS.5 = mycompany.de

# DNS.6 = mycompany.co.uk

# DNS.7 = 127.0.0.1


# IPv6 localhost

# DNS.8 = ::1

# DNS.9 = fe80::1]
  1. Change the DNS parameters to match the addresses you will use to access the platform. On the command line, use
    openssl req
    -config selfsigned.conf -new -x509 -sha256 -newkey rsa:2048 -nodes
    -keyout localhost.key.pem -days 365 -out localhost.cert.pem
    to generate the certificate.
  2. Use the command
    openssl pkcs12
    -export -out localhost.pfx -inkey localhost.key.pem -in
    localhost.cert.pem
    to generate a PFX file.

Trusting SSL certificates in Tomcat (optional)

The last step is to instruct your Tomcat to trust your self-signed certificate.

  1. Create a trusted Java Keystore. In the command line, add the self-signed certificate to it using the command
    keytool
    -importcert -file localhost.cert.pem -keystore keystore.jks -alias
    "localhost"
    Choose a new password when prompted.
  2. Configure your Tomcat to trust the keystore that you've just created by starting Tomcat with the Java parameters -Djavax.net.ssl.keyStore, -Djavax.net.ssl.keyStorePassword, -Djavax.net.ssl.trustStore, and -Djavax.net.ssl.trustStorePassword. One way of doing it is through the environment variable CATALINA_OPTS, for example: bash_profile export CLIENT_CERT=/path/to/keystore.jks export CATALINA_OPTS="$CATALINA_OPTS -Djavax.net.ssl.keyStore=$CLIENT_CERT -Djavax.net.ssl.keyStorePassword=mypassword -Djavax.net.ssl.trustStore=$CLIENT_CERT -Djavax.net.ssl.trustStorePassword=mypassword"
  3. Configure your Tomcat to use your newly generate PFX file. Follow the instructions as specified in the Using HTTPS section.

System diagnostics

On-premises customers can use our system diagnostics tool to check if their connector installation was successful. See the Troubleshooting configuration issues section for details.