This solution note applies to the following:

• Ariba Integration Toolkit Standalone
• Ariba Integration Toolkit for SAP NetWeaver PI

The following security enhancements are available with Ariba Integration Toolkit (ITK) version CI 7.0.

• The supported Java version has been updated to Java version 8.

You must ensure the following:

• • In the sample options file, set JAVA_Home to Java 8 or later versions.
  • For SAP Process Integration/Process Orchestration, the supported version is version 7.5, which is based on Java version 8.

• Currently, Ariba Integration Toolkit uses Triple Data Encryption Algorithm (3DES). In this upgrade, Ariba Integration Toolkit replaces 3DES with Advanced Encryption Standard (AES) containing the GCM operation mode with a 256-bit key.

The passwords in the existing Ariba Integration Toolkit setup that are encrypted using 3DES will not work after the upgrade. You must encrypt the secret key and all your passwords again with the utility scripts.

• This release introduces the new file validation requirements. You must ensure that the file name:
  • Doesn’t exceed a maximum length of 255 characters
  • Contains only alphanumeric characters and special characters ( ) . , _ -.
  • Contains the file extensions, .txt, .xml, .log, .csv, .sql, .properties, .jks, .zip, .cfg

• This release comprises the Apache Log4j 2.16.0 library that addresses the known Apache Log4j vulnerabilities.
• This release contains the latest security fixes.

Steps to Download Ariba Integration Toolkit (Standalone)

1. Log in to SAP Ariba Connect (https://connectsupport.ariba.com/sites#Home-show). If you do not have a User ID and Password for Ariba Connect, contact your Ariba account executive.
2. On the Home page, click Documentation & Learning.
   The Product Documentation page appears.
3. Click Cloud Integration.
4. Under the selected latest version of SAP Integration Suite, managed gateway for spend management and SAP Business Network, click Resources.
   The Ariba Cloud Integration Resources page appears.
5. In the Integration Tools, click Integration tools for Ariba Procure-to-Pay.
   The Procurement and Invoicing Resources page appears.
6. Go to the Integration Tools for SAP section and then click Ariba Integration Toolkit (Standalone).
7. On the AribaIntegrationToolkit page, click Download to download and save AribaIntegrationToolkit.zip
8. Extract the aribaintegrationtoolkit.jar file from the zip file to an appropriate location on your system.

Steps to Download Ariba Integration Toolkit for SAP Netweaver PI

1. Log in to SAP Ariba Connect (https://connectsupport.ariba.com/sites#Home-show). If you do not have a User ID and Password for Ariba Connect, contact your Ariba account executive.
2. On the Home page, click Documentation & Learning.
   The Product Documentation page appears.
3. Click Cloud Integration.
4. Under the selected latest version of SAP Integration Suite, managed gateway for spend management and SAP Business Network, click Resources.
   The Ariba Cloud Integration Resources page appears.
5. In the Integration Tools, click Integration tools for Ariba Procure-to-Pay.
   The Procurement and Invoicing Resources page appears.
6. Go to the Integration Tools for SAP section and then click Ariba Integration Toolkit for SAP NetWeaver PI. If the list does not contain this entry, contact your Ariba account executive.
7. On the Ariba Integration Toolkit for SAP NetWeaver PI page, click Download to download and save Ariba Integration Toolkit for SAP NetWeaver PI.zip.
8. Extract files from the zip file to an appropriate location on your SAP PI system.

SAP Business Network for Procurement & Supply Chain