Show TOC

Authentication Enhancements with SNCLocate this document in the navigation structure

Use

The use of SNC on the AS ABAP enables you to develop custom authentication enhancements that implement the GSS API V2.

The GSS API V2 is a standard security API, developed by the Internet Engineering Task Force (IETF). You can use it to make application code independent calls to external security providers or to SAP NetWeaver Single Sign-On.

Integration

SNC enables you to use several levels of security protection including authentication, integrity and encryption. The custom authentication enhancement libraries that you develop can implement security protection relevant only to access control and authentication. Alternatively, you can implement several levels of security protection at once.

Prerequisites

  • Secure Network Communications (SNC) is activated on the AS ABAP.

    For more information about activating SNC on the AS ABAP, see Configuring SNC on AS ABAP.

  • If you use an external security library, it must provide the entire functionality defined in the GSS-API V2 interface.

  • If you use an external security library, the functions provided by the external library must be dynamically loadable.

Features

The following section provides information about the architecture of SNC and the integration of external security libraries with SNC.

SNC provides C program interfaces for both external CPIC programs as well as for external RFC programs.

For more information, see the following sections:

Activities

SNC protects the logical link between the end points of a communication. The link is initiated from one side (the initiator) and accepted by the other side (the receiver). For example, when an SAP GUI starts a dialog with the AS ABAP, the SAP GUI is the initiator and the AS ABAP is the receiver.

Both sides of the communication link need to consider the SNC configuration.

Therefore, for the initiator you must specify the following:

  • If the connection should be SNC-protected

  • The name of the communication partner

  • Where its own external library is located

  • The protection level to apply

The receiver must specify the following:

  • Whether or not only SNC-protected connections should be accepted

  • Its own SNC name

  • Where its own external library is located

  • Which protection levels to accept

Depending on the communication partners and types of communication you want to apply, you need to configure the settings in various places in the SAP environment.

For more information, see General Comments Pertaining to the SNC Configuration.

More Information