Show TOC Entering content frame

Procedure documentation Configuring SNC on the Application Server Locate the document in its SAP Library structure

Use

Use this procedure to configure SNC on the application server for the connection between the server and its corresponding ITS.

Prerequisites

·        You have obtained the external security product to use for SNC.

·        You know the SNC names used for the application server and the AGate. The SNC name is the name that identifies the server for using SNC and is determined by the security product used.

Procedure

...

       1.      Install the security product used for SNC on the application server.

       2.      Perform any product-specific tasks. For example, you may have to set certain environment variables or establish a security environment for the application server.

       3.      Set the following profile parameters on the application server:

Parameter

Value

Comment

snc/enable

1

Activate SNC on the application server

snc/gssapi_lib

Path and file name of the security library

Determined when installing the security product

snc/identity/as

SNC name of the application server

Determined when installing the security product

snc/data_protection/max

Maximum level of protection to use

Possible values:
1: authentication only
2: data integrity protection
3: data privacy protection

snc/data_protection/min

Minimum required data protection level

Possible values:
1: authentication only
2: data integrity protection
3: data privacy protection

snc/data_protection/use

Default level of data protection to use

Possible values:
1: authentication only
2: data integrity protection
3: data privacy protection
9: use the value from snc/data_protection/max

snc/accept_insecure_gui

1

Allows users to log on to the system without using an SNC logon.

snc/accept_insecure_cpic

1

Allows non-secured CPIC connections.

snc/accept_insecure_rfc

1

Allows non-secured RFC connections.

snc/accept_insecure_r3int_rfc

1

Allows non-secured internal RFC connections.

snc/extid_login_diag

1

Enable login with external identity (dialog)

snc/extid_login_rfc

1

Enable login with external identity (RFC)

       4.      Specify the AGate's SNC information in the system access control list for SNC (table SNCSYSACL, view VSNCSYSACL, TYPE=E).

...

                            a.      Enter the SNC name for the AGate in the SNC name field. The System-ID field is optional.

                            b.      Activate the options:

§         Entry for RFC activated

§         Entry for diag activated

§         Entry for ext. ID activated

                            c.      Save the data.

       5.      Create a generic entry for the AGate in the extended user access control list (table USRACLEXT):

...

                            a.      Enter an asterisk (*) in the User field.

                            b.      If multiple entries exist for the AGate's SNC name, then enter a value in the Seq.number field. If this is the only entry in the table for the AGate, then use the sequence number 000.

                            c.      Enter the AGate's SNC name in the SNC name field.

                            d.      Save the data.

Note

You receive a warning due to the wildcard entry in the User field.

       6.      If you made changes to the profile parameters, then restart the application server.

Result

The application server can use SNC to communicate with the AGate, provided that the AGate has also been configured for using SNC.

 

 

 

Leaving content frame