How To: Protocol Mixing with SFTP – SOAP with Attachment to SFTP Server Use Case

       With Forum Sentry you do not have to strictly do end-to-end SFTP.  You are able to start out with other protocols and Sentry will take care of the rest.  An example of this would be SOAP with Attachments (SwA) that sees the attachments end up on an SFTP server.  With this in mind the clients will no longer have to be forced to use SFTP so long as the means to deliver SOAP message with an attachment to Forum Sentry.  Forum Sentry will extract just the attachment, process it, including AV scanning, deliver it to an SFTP server and send a 200 OK message back to the client.

Use case details:

1. Client sends HTTP SwA request (MIME attachment) into Sentry

2. Sentry extracts just the attachment, and stores it on an SFTP server

3. Sentry returns a generic 200 OK message back to the client


Steps to realize the use case: 

1. Create HTTP Listener and SFTP Remote Policies

2. Add a Task List with:

       a. ebMS sender {required fields take anything such as "Test"}

       b. ebMS receiver

3. Create a Task List Group to add the Task List to

4. Create an XML Policy and associate 1 and 2 above

5. Set Filter to Multipart--->SOAP with Attachments

6. Use a tool to send a request with an Attachment


Example of a request to send attachments to the SFTP server via HTTP:

POST / HTTP/1.1:
Content-Length: 671585
User-Agent: Crosscheck Networks
Content-Type: Multipart/Related; boundary="----=_MIME_boundary"; type="text/xml"; start="<>"
Authorization: Basic bWFsYWs6b21hcjFwYXBhMg==

Content-Type: application/soap+xml; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-ID: <>
Content-Location: soapbody.xml

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope />
Content-Type: application/pdf
Content-Transfer-Encoding: 8bit
Content-ID: <>
Content-Location: fielanme.pdf

<mybody type=binary>
<@INCLUDE base8 *C:\training\fielename.pdf*@>


Detailed Setup:

         1.  Create HTTP Listener and SFTP Remote Policies

              a.       HTTP Listener:

. Go to Gateway-->Network Policies

. Click New

. Select HTTP then click Next

. Select Listener then click Next

. Click Next to the end, mostly using the defaults. 

The only exception is with regards to Authentication.  In this case we are using Basic Authentication. Once you have created the listener, click on it to see a similar setup as the image below:

 1.png           b.      SFTP Remote:

. Go to Gateway-->Network Policies

. Click New

. Select SFTP then click Next

. Select Remote then click Next

. Fill in the info for your SFTP server similar to the image below:


      2  .        Add the ebMS Task Lists:

. Go to Gateway-->Task PoliciesàTask Lists

. Click New

. Type a name and click Apply

. Click New, select ebMS then click Next

. Select Sender

. Fill in the required fields with anything such “Test” then click Save


. Click New, select ebMS then click Next

. Select Receiver (no need to fill any field here) then Save

You will now see:


 . Click Save

       3.        Create a Task List Group:

. Go to Gateway-->Task Policies-->Task List Groups

. Click New

. Type in a name for the Group and click Create

. Select the ebMS Task List from the drop down then click ADD then Apply and Save


You Task List Group should look like:



       4.        Create the XML Policy and Associate the Listener, Remote Policies and Task List to:

 . Go to GatewayàContent Policies

. Click XML Policies then New

. Name the policy then click Next

. Select the Listener and Remote policies create above the click Finish


Next click on the Virtual Directory and towards the bottom select the Task List Group from above then click Save


       5.        Enable the Multipart (SOAP with Attachments) Filter:

Go back into the Virtual Directory and at the bottom Select Multipart and Enable



Then Save.

This concludes the set up necessary within Sentry in order to be able to send SOAP messages with attachment and have these attachments end up on an SFTP server.

The following is a demonstration of this process using SOAPSonar.

Using SOAPSonar create a new XML test case then setup the following:

  1. Authentication:

For this step I have an LDAP policy setup within Sentry to be able to do Basic Authentication.  If you have LDAP then you can add your own policy or use ours.  


Click on the Authentication button, select Basic Authentication and add a username and a password then click on the green button to save

     2. Attachment:

Click on Attachments button and check MIME then click on ADD Attachment and browse to add your attachment. 


       3. URL:

The final step is specifying the address to the listener you have setup along with the filename to be posted on the SFTP server.  Also make sure that Enable File Streaming is checked then save:


Below please find the system log entries for the transaction above showing the processing of the attachment.


The logs on the SFTP server show the file:

<event seq="604" time="2014-08-06 21:12:25.773898 -0400" app="BvSshServer 6.04" name="I_SFS_TRANSFER_FILE" desc="Virtual filesystem: transfer file.">

    <session id="1006" remoteAddress="" windowsAccount="Malak-PC\sftpuser"/>

    <channel type="session" id="1"/>

    <sfs moduleName="FlowSfsWin" mountPath="/" code="90000" desc="Transferring file completed.">

      <parameters path="C:\Users\sftpuser\FS_Sentry_Pre-Installation_Checklist.pdf" timeMs="5" bytesRead="0" bytesWritten="69690" readRangeOffset="0" readRangeLength="0" writeRangeOffset="0" writeRangeLength="69690"/>


And a listing on the SFTP server shows:

$ ls -l *.pdf

-rwx------+ 1 Administrators None 69690 Aug  7 01:12 FS_Sentry_Pre-Installation_Checklist.pdf


Sentry’s system log shows the entire transaction below:


21:12:24.979 Document entered Communications Layer
21:12:24.980 Received an HTTP request:
                    Protocol: HTTP/1.1
                      Scheme: http
                      Method: POST
                 Request URL:
             Listener Policy: SwA_to_HTTP_Listener
           Virtual Directory: New Virtual Directory
                Virtual path: /*
                   Auth Type: 
                 Header Info: 
                              User-Agent: Crosscheck Networks SOAPSonar
                              Content-Type: Multipart/Related; boundary="----=_MIME_boundary"; type="text/xml"; start="<>"
                              SOAPAction: ""
                              Authorization: ********
                              Transfer-Encoding: chunked
                              Connection: keep-alive
21:12:24.981 Processing request for 'XML Policy: 'HTTP_to_SFTP_XML_Policy''
21:12:24.981 Authenticating basic auth credentials with acl ''
21:12:24.982 Authenticating using 'Local users login module'
21:12:24.982 User 'euclid' not found.
21:12:24.982 Authenticating using 'LDAP login module'
21:12:24.982 Found user 'euclid' in cache for LDAP policy 'test_ldap'.
21:12:24.983 Succeeded to authenticate user 'euclid' using LDAP policy 'test_ldap'
21:12:24.983 Basic auth succeeded - User 'euclid' has correct credentials
21:12:24.983 ACL check skipped - no ACL associated with network policy 'SwA_to_HTTP_Listener'
21:12:24.983 ACL check skipped - no ACL associated with virtual directory '/*'
21:12:24.984 Message type filter match succeeded - matched filter 'Multipart' of type Multipart
21:12:24.995 MIME request contains 2 parts
21:12:24.995 Parsed attachment
               Content-ID: <>
             Content-Type: text/xml; charset=UTF-8
Content-Transfer-Encoding: 8bit
         Content-Location: soapbody.xml
           Start Boundary: 23
             End Boundary: 482
                   Length: 459 bytes
                    Start: Yes
            Other Headers: 
21:12:24.995 Parsed attachment
               Content-ID: <>
             Content-Type: application/pdf
Content-Transfer-Encoding: 8bit
         Content-Location: FS_Sentry_Pre-Installation_Checklist.pdf
           Start Boundary: 507
             End Boundary: 70,397
                   Length: 69,890 bytes
                    Start: No
            Other Headers: 
21:12:24.996 Request document: 
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="">
    <tns:Echo xmlns:xsi="" xmlns:s="" xmlns:tns=""/>
21:12:24.996 No TaskListGroup configured, document will not be processed
21:12:24.996 Incoming document identified to TaskList 'ebMS Task List' using TaskListGroup 'ebMS Task List Group'
21:12:24.996 Document entered Process Manager for task list 'ebMS Task List'
21:12:24.996 Document entered 'ebMS' task: 'ebMS'
21:12:24.997 Document left 'ebMS' task: 'ebMS'
21:12:24.997 Document entered 'ebMS' task: 'ebMS'
21:12:24.997 Document left 'ebMS' task: 'ebMS'
21:12:24.997 Successfully processed task list 'ebMS Task List'
21:12:24.997 Document left Process Manager
21:12:24.997 Sending remote server a processed request:
                      Method: POST
                 Remote Path: /FS_Sentry_Pre-Installation_Checklist.pdf
                 Header Info: 
                              Content-Type: application/pdf
                              User-Agent: Forum Systems
                Message Body: 
<binary: length=69690>
21:12:24.998 Connecting to SFTP server at
21:12:24.998 Opening SFTP connection to
21:12:25.016 Authenticating user 'sftpuser' to using password method
21:12:25.769 Transferring file 'FS_Sentry_Pre-Installation_Checklist.pdf'
21:12:25.775 Response document: 
<binary: length=0>
21:12:25.775 Message type filter encode: document was generated locally; encoding with 'simple' format
21:12:25.775 Adding Via header to response
21:12:25.776 Sending client a raw response:
                 Status Code: 200
                 Header Info: 
                              Via: sftp/0.0
                              Content-Type: application/pdf
                Message Body: 
<binary: length=0>
21:12:25.776 Document left Communications Layer


Please sign in to leave a comment.