Show TOC

How SNC Client Encryption WorksLocate this document in the navigation structure

Use

SNC Client Encryption uses Secure Network Communications (SNC) to provide encryption and secure communication for the communication channel between the client and the SAP NetWeaver Application Server for ABAP. This protects the business user operating the client from eavesdroppers, who seek to capture or manipulate information, such as logon data or business data. In a standard setup, users enter their user name and password into the logon screen of the SAP GUI. SAP GUI transfers data, such as user names and passwords, through the network without encryption.

SNC Client Encryption only offers encryption.

For single sign-on (SSO) scenarios, we offer SAP NetWeaver Single Sign-On. SAP NetWeaver Single Sign-On centralizes and greatly simplifies the way users log on to systems and applications in your IT landscape. Seamlessly integrated into your existing authentication processes, it offers enhanced security through state-of-the-art technology. But that is not the only benefit SAP NetWeaver Single Sign-On has to offer. Reduce your operating costs by eliminating password-related helpdesk calls, and improve user productivity - more than enough reasons to start thinking about implementing a single sign-on solution in your company.

For more information, seehttp://help.sap.com/sso20.

Prerequisites

Log on with SNC Client Encryption requires the following:

  • SAP GUI with SNC Client Encryption installed on a computer running Microsoft Windows

  • SAP NetWeaver Application Server for ABAP with the default SAP Cryptographic Library (CommonCryptoLib) or optionally with the Secure Login Library

  • Microsoft Windows Domain Controller

Structure

The figure below illustrates the system landscape.

Figure 1: System Landscape and Process Flow for SNC Client Encryption
Process

  1. User logs on to the Windows client (domain logon) and starts an SAP GUI connection to an SAP NetWeaver Application Server for ABAP system protected with SNC Client Encryption.

  2. SNC Client Encryption recognizes the request for an SNC connection and requests a service ticket for the SAP NetWeaver Application Server for ABAP from the Microsoft Active Directory server.

  3. The Microsoft Active Directory server returns the ticket to SNC Client Encryption.

  4. SAP GUI requests a user ID and password from the user.

  5. Encrypted channel established.

    SAP GUI sends encrypted user ID and password to the SAP NetWeaver Application Server for ABAP for authentication. All further communication during the current session is secure.