Show TOC

Installing and Configuring SSF: Application ServerLocate this document in the navigation structure

Procedure

  1. Install a security product, such as SAP Single Sign-On, on each application server.

    Note the name and location of the library of the security product.

    Note

    For more information about how to install the security product, see the documentation of the security product.

  2. Specify the SSF parameters on the application server.

    Specify them either in the profile parameters SSF<n>/<parameter> or in the environment variables SSF<n>_<variable>.

    Note

    You can install up to three different security products. This may be necessary if different applications use different security products. Each product uses its own profile parameter set. Define the parameters for the number of security products that you use.

    The table below shows the application server profile parameters.

    Table 1: SSF Profile Parameters

    Parameter

    Default

    Possible Values

    Product 1: ssf/ssfapi_lib

    Product 2: ssf2/ssfapi_lib

    Product 3: ssf3/ssfapi_lib

    Empty - meaning that the system uses the SAP Cryptographic Library. (See the note below.)

    Character string up to 255 characters.

    Refer to your security product to find out the name and location of this file.

    Product 1: ssf/ssf_md_alg

    Product 2: ssf2/ssg_md_alg

    Product 3: ssf3/ssg_md_alg

    SHA1

    MD2, MD4, MD5, SHA1, RIPEMD160, SHA256, SHA512

    Refer to your security product for other possible values.

    Product 1: ssf/symencr_alg

    Product 2: ssf2/symencr_alg

    Product 3: ssf3/symencr_alg

    AES128-CBC

    DES-CBC, TRIPLE-DES, DES-EDE3-CBC, AES128-CBC, AES256-CBC

    Refer to your security product for other possible values.

    Product 1: ssf/name

    Product 2: ssf2/name

    Product 3: ssf3/name

    Product 1: SAPSECULIB

    Product 2: SSF2

    Product 3: SSF3

    Character string up to 10 characters (case-sensitive).
    Note

    When an application server is started, the system always loads the security product SAP Cryptographic Library.

    Not all security products support all the values in the table above. The entries in the table above were made with the SAP Cryptographic Library in mind.

  3. To record SSF activities for trace functions, set the SSF_TRACE_LEVEL environment variable to one of the following values:
    Table 2: SSF Trace Levels

    Trace level

    The system records:

    0

    • The starting of the SSF RFC server

    • The loading of the SSF library

    • The installation of the RFC-enabled SSF functions

    1

    • Level 0 trace information

    • The name and return code of SSF functions that are called

    2

    • Level 0 and 1 trace information

    • Signer and receiver information when SSF functions are called

    3

    • Level 0, 1, and 2 trace information

    • All input and output data when SSF functions are called

    The system records the trace information in the kernel error log files (transaction ST11).

  4. Perform any application-specific tasks that may be required.

    For more information, see the documentation of the application.

Related Information