Authentication for Communication between Systems

The open architecture of SAP NetWeaver technology platform enables you to use communication destinations for various other systems to perform frequent tasks or functions. For such cases, you can configure SAP NetWeaver systems to perform authentication in the background without interactively choosing authentication credentials.

Communication for such tasks, including the transfer of the security credentials, can take place over SAP-specific protocols such as RFC, over HTTP, or over SOAP for Web service-based communication. You can protect your SAP NetWeaver systems against unauthorized access by enabling the use of authentication with system users.

To facilitate administration, the AS Java and AS ABAP technology stacks enable you to use centralized administration of the security options for system-specific communication. The configuration options are technology stack-specific:

  • For the AS ABAP, you configure the authentication options for communication destinations using the transaction for maintaining system destinations (SM59).
  • For the AS Java, you can configure the authentication options for communication destinations using the destination management functions of SAP NetWeaver Administrator.

Security Considerations

SAP NetWeaver enables you to use several options for authenticating user access, for example with a system user ID and password or with assertion tickets. The security aspects of the authentication process are similar to those of the corresponding authentication mechanisms for the other access channels to SAP NetWeaver, with the following specifics:

  • For user ID and password authentication, you can use any SAP NetWeaver user ID for the system-specific logon. For additional security, however, we recommend that you configure the use of system-specific users that cannot be used to log on to the SAP NetWeaver system interactively. The creation of such users is system-specific.

    For more information, see Identity Management.

  • Using the configuration functions for system-specific configuration, you can establish uni- or bi-directional trust between systems that commonly interact with each other. The trust relationship between the communicating systems is based on public-key technology and involves storing the public certificates of trusted systems in specially designated key stores.

    The corresponding SAP NetWeaver technology stack can then use the stored certificates to encrypt communication or to accept authentication credentials, for example assertion tickets that are protected with signatures. Establishing trust relationships between frequently communicating systems enables you to reduce the administrative load for configuring multiple systems in complex system landscapes, while protecting the communication with cryptographic mechanisms.

    For more information, see:

Configuration

Configuring SSO for system destinations is specific to the SAP NetWeaver technology stack that you use.

For more information, see Single Sign-On for Interaction between Systems.
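
The recommendation under Security Considerations, that destinations log on with users that cannot be used interactively, can be checked across a landscape with a small audit script. The following is an added example, not SAP code: the CSV inventories, their column layout and all destination and user names are constructed for illustration, and an empty logon user is assumed to mean that the destination relies on trust or tickets. The user type codes are the AS ABAP ones.

```python
import csv
import io

# AS ABAP user types: A dialog, B system, C communication, L reference,
# S service. Dialog and service users can log on interactively.
INTERACTIVE_TYPES = {"A": "dialog", "S": "service"}

# Constructed sample inventories; the column layout is an assumption of this
# example, not an SAP export format.
DESTINATIONS_CSV = """destination,target_system,logon_user
FIN_TO_HR,HRP,RFC_HR_SYS
FIN_TO_BW,BWP,JSMITH
FIN_TO_CRM,CRP,SVC_CRM
FIN_TO_PI,PIP,RFC_PI_OLD
FIN_TRUSTED,HRP,
"""

USERS_CSV = """target_system,user,user_type
HRP,RFC_HR_SYS,B
BWP,JSMITH,A
CRP,SVC_CRM,S
"""

def load_user_types(users_csv):
    """Map (target system, user) to the user's type code."""
    rows = csv.DictReader(io.StringIO(users_csv))
    return {(r["target_system"], r["user"]): r["user_type"] for r in rows}

def audit_destinations(destinations_csv, users_csv):
    """Return (destination, finding) pairs for destinations to review."""
    user_types = load_user_types(users_csv)
    findings = []
    for row in csv.DictReader(io.StringIO(destinations_csv)):
        user = row["logon_user"].strip()
        if not user:
            # Assumption: no stored user means trust- or ticket-based logon.
            continue
        user_type = user_types.get((row["target_system"], user))
        if user_type is None:
            findings.append((row["destination"], "logon user not found in target system"))
        elif user_type in INTERACTIVE_TYPES:
            findings.append((row["destination"],
                             f"{INTERACTIVE_TYPES[user_type]} user can log on interactively"))
    return findings

if __name__ == "__main__":
    for destination, finding in audit_destinations(DESTINATIONS_CSV, USERS_CSV):
        print(f"{destination}: {finding}")
```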