Configuring SNC on the AGate (SAP Library

Configuring SNC on the AGate

Use

Use this procedure to configure SNC on the AGate for the connection between the AGate and the application server. The SNC configuration for the connection between the AGate and the WGate is also provided, but only necessary if the user’s authentication takes place on the Web server.

Prerequisites

You have obtained the external security product to use for SNC.

You know each of the component's SNC names. The naming convention is determined by the security product used for SNC.

Procedure

Proceed as described below.

Caution

The changes made in the following procedure only take effect after you restart the AGate.

Note

If you use the SAP Cryptographic Library as the security product, then you can use the ITS Administration tool to perform the configuration. See the options under Security à Network Security and SAPCRYPTO Admin. The tool sets the appropriate environment variables and registry keys for using the SAP Cryptographic Library. For more information, see Using the SAP Cryptographic Library for SNC.

Install the security product.

Set the environment variable SNC_LIB to the path and file name of the security product's library.

Note

As of Release 6.20, use the XML configuration file ITSRegistry<SID>.xml that is located in the config sub-directory for the ITS installation. Make the entry in the - <key name="Envars"> block.

Prior to Release 6.20, use the registry key

HKEY_LOCAL_MACHINE\Software\SAP\ITS\2.0\<virtual ITS>\Programs\AGate\environment\<variable>

Perform any other product-specific tasks. For example, the AGate may have to log on to the security product to establish its security environment. For more information, see the product's documentation.

Specify the following parameters:

Parameter	Value
Type	2: Use NISNC based connection (SAP protocol NI plus SNC)
SncNameAGate	AGate’s SNC name
SncNameWGate	WGate’s SNC name (This parameter is only necessary if SNC is to be used for the connection between the AGate and the WGate.)

Note

As of Release 6.20, make these entries in the XML configuration file in the - <key name="Instances"> block for the AGate’s instance.

Prior to Release 6.20, use the registry key:

KEY_LOCAL_MACHINE\Software\SAP\ITS\2.0\<virtual ITS>\Connects\<Parameter>

Set the following parameters in the global or the PAS service file (for example, sapntauth.srvc):

Parameter

Value

Comment

~sncNameR3

SNC name of the application server

This entry activates SNC for the AGate ß à application server connection and should therefore be the last step you perform in the configuration process.

~sncQoPR3

Quality of protection level to use for the communication

Possible values:

1: authentication only
2: data integrity protection
3: data privacy protection
9: use the value from the application server's profile parameter snc/data_protection/max

If omitted, the default level of protection is used (as defined in the application server’s profile parameter snc/data_protection/use)

If your WGate resides on the same host, and you want to use SNC for the connection between the AGate and the WGate, then continue with the WGate's configuration. Otherwise, restart the AGate.

Result

The AGate can use SNC to communicate with the application server and the WGate, provided that these servers have also been configured for using SNC.

See also:

SNC User’s Guide

Using the SAP Cryptographic Library for SNC