Recently I had a scenario where I needed to test AS2 message send/receive with encryption and decryption.
I realized that lots of good guidance samples are available, but they were in lots of different places and had some dependencies.
I am documenting the steps I went through to make the sample work.
Step 1: To start, this is a great sample to try the whole end-to-end scenario, and it is very easy to deploy. The only thing missing is encryption and decryption.
Once you have deployed the solution, which has all the integration accounts, partners, agreements and logic apps to send and receive the messages, test out the solution.
Now you need your certificates to encrypt and decrypt your messages. You can use public certificates purchased from certificate authorities, and they don't require any keys.
If you plan to use self-signed certificates, which was my case, you will need the private key in Azure Key Vault.
Step 2: Create Azure Key Vault
Note: Make sure you give "Azure Logic Apps" appropriate access to the Key Vault, using access policies or the now-preferred RBAC approach.
Step 3: Create a self-signed certificate (for testing purposes only)
If you already have the public certificate and private key, you can upload the private key to the Key Vault.
Step 4: Go to the Contoso integration account (receiving party) and add the private key to the integration account.
You might encounter an error or won't see any keys when you select the Key Vault. This happens if you have not given Azure Logic Apps access to the Key Vault.
Click Add to add the private key.
Step 5: Go to Agreements and click the Edit button to edit the Contoso-FabrikamSales agreement. Click Receive Settings and select Enable Message Encryption.
Select the private key added in the earlier step from the drop-down.
Step 6: Make sure the Contoso-AS2Receive logic app has the decrypt step/action.
Step 7: Go to the Fabrikam Integration Account (sending party) and add the public certificate to the integration account.
Step 8: Go to Agreements and click the Edit button to edit the FabrikamSales-Contoso agreement. Click Send Settings and select Enable Message Encryption.
Select the public certificate added in the earlier step from the drop-down.
Step 9: Go to your send logic app and configure the Encode step/action. Make sure you populate the AS2 From and AS2 To parameters with the correct values.
Step 10: Go to the HTTP action and add the parameters below.
For Headers:
@body('Encode_to_AS2_message')?['AS2Message']?['OutboundHeaders']
For Body:
@base64ToBinary(body('Encode_to_AS2_message')?['AS2Message']?['Content'])
Make sure you have the correct URI for the receiving logic app.
Step 11: The last step is to test the flow. Go to the FabrikamSales-AS2Send logic app and run it manually. Validate that it executed successfully.
Go to Contoso-AS2Receive and confirm that it also ran successfully. Go to the run history, click the run identifier, and check the Decode AS2 Msg action output to confirm that dispositionType is not giving any errors.
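Why Steps 3 to 8 place the private key with the receiving party (Contoso) and only the public certificate with the sending party (Fabrikam), shown locally with OpenSSL. This is an added example, not part of the original walkthrough or the Microsoft sample; it assumes the `openssl` CLI is installed, keeps the test key on disk instead of in Key Vault, and uses constructed CN values, file names, cipher choice (AES-256) and payload.

```shell
#!/usr/bin/env bash
# Added example: local OpenSSL illustration of the key split in Steps 3-8.
# AS2 (RFC 4130) encrypts payloads as S/MIME (CMS) enveloped data.
# CN values, file names and the payload are constructed for this test.

# Local stand-in for Step 3: throwaway self-signed cert + key (testing only).
make_test_cert() {   # usage: make_test_cert <dir> <name>
  openssl req -x509 -newkey rsa:2048 -sha256 -days 30 -nodes \
    -subj "/CN=$2-as2-test" \
    -keyout "$1/$2-private.key" -out "$1/$2-public.cer" 2>/dev/null
}

# Sending party (Fabrikam): needs only the receiver's PUBLIC certificate.
as2_encrypt() {      # usage: as2_encrypt <recipient-cert> <infile> <outfile>
  openssl cms -encrypt -binary -aes256 -outform DER -in "$2" -out "$3" "$1"
}

# Receiving party (Contoso): needs the PRIVATE key matching that certificate.
as2_decrypt() {      # usage: as2_decrypt <cert> <private-key> <infile>
  openssl cms -decrypt -inform DER -recip "$1" -inkey "$2" -in "$3" 2>/dev/null
}

# Round trip: prints the recovered payload, then shows that an unrelated
# key pair (a party that is not the agreed receiver) cannot decrypt it.
demo() {
  local d; d="$(mktemp -d)" || return 1
  make_test_cert "$d" contoso && make_test_cert "$d" other || return 1
  printf 'constructed AS2 test payload' > "$d/payload.txt"
  as2_encrypt "$d/contoso-public.cer" "$d/payload.txt" "$d/payload.p7m" || return 1
  echo "receiver sees: $(as2_decrypt "$d/contoso-public.cer" \
    "$d/contoso-private.key" "$d/payload.p7m")"
  if as2_decrypt "$d/other-public.cer" "$d/other-private.key" \
       "$d/payload.p7m" >/dev/null; then
    echo "unexpected: unrelated key decrypted the message"; rm -rf "$d"; return 1
  fi
  echo "unrelated key pair: decryption refused"
  rm -rf "$d"
}

demo
```

If the receive side reports a decryption error in the walkthrough, the same mismatch is the first thing to check: the certificate selected in the sender's agreement must be the public half of the private key selected in the receiver's agreement.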
References:
Add certificates to secure B2B messages in workflows - Azure Logic Apps | Microsoft Learn
Exchange AS2 messages in B2B workflows - Azure Logic Apps | Microsoft Learn
Azure Logic Apps - AS2 Send Receive - Code Samples | Microsoft Learn
Solutions for common errors and problems in B2B scenarios - Azure Logic Apps | Microsoft Learn