Authentication for Communication Between Systems

The open architecture of the SAP NetWeaver technology platform enables you to use communication destinations for various other systems to perform frequent tasks or functions. For such cases, you can configure SAP NetWeaver systems to perform authentication in the background without interactively choosing authentication credentials.

Communication for such tasks, and with it the transfer of the security credentials, can be performed over SAP-specific protocols such as RFC, over the HTTP communication protocol, or over SOAP for web service-based communication. You can protect your SAP NetWeaver systems against unauthorized access by enabling the use of authentication with system users.

To facilitate administration, the SAP NetWeaver technology platform enables you to use centralized administration of the security options for system-specific communication. The configuration options are specific to the technology stack:

  • For SAP NetWeaver Application Server for ABAP, you configure the authentication options for communication destinations using the configuration transaction for maintaining system destinations (SM59).
  • For SAP NetWeaver AS for Java, you can configure the authentication options for communication destinations using the destination management functions of SAP NetWeaver Administrator.

Security Considerations

SAP NetWeaver enables you to use several options for authenticating user access, for example with a system user ID and password or with assertion tickets. The security aspects of the authentication process are similar to the security aspects involved in using the corresponding authentication mechanisms for the other access channels to SAP NetWeaver with the following specifics:

  • For user ID and password authentication, you can use any SAP NetWeaver user ID for the system-specific logon. For additional security, however, we recommend that you configure the use of system-specific users that cannot be used to log on to the SAP NetWeaver system interactively. The creation of such users is system-specific.
  • Using the configuration functions for system-specific configuration, you can establish uni- or bi-directional trust between systems that commonly interact with each other. The trust relationship between the communicating systems is based on public-key technology and involves storing the public certificates of trusted systems in specially designated key stores.

    The corresponding SAP NetWeaver technology stack can then use the stored certificates to encrypt communication or to accept authentication credentials, for example assertion tickets that are protected with signatures. Establishing trust relationships between frequently communicating systems enables you to reduce the administrative load for configuring multiple systems in complex system landscapes, while protecting the communication with cryptographic mechanisms.
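
The recommendation above to use system-specific users that cannot log on interactively can be checked by comparing the users stored in destinations against their user types. The following Python sketch is an added example, not SAP code; it assumes an AS ABAP target, the CSV layouts and column names are hypothetical export formats, and the sample rows are constructed. The type codes are the ABAP user types from USR02-USTYP.

```python
import csv
import io

# ABAP user type codes (USR02-USTYP). Dialog (A) and service (S) users
# can log on interactively; system, communication and reference users cannot.
USER_TYPES = {"A": "dialog", "B": "system", "C": "communication",
              "L": "reference", "S": "service"}
INTERACTIVE = {"A", "S"}

# Constructed sample exports; the column names are assumptions for this example.
DESTINATIONS_CSV = """destination,client,user,auth
ERP_TO_BW,100,RFC_BW,password
ERP_TO_CRM,100,JSMITH,password
ERP_TO_SCM,100,,trusted
ERP_TO_HR,200,SVC_HR,password
ERP_TO_OLD,100,RFC_GONE,password
"""
USERS_CSV = """client,user,ustyp
100,RFC_BW,B
100,JSMITH,A
200,SVC_HR,S
"""

def load_user_types(users_csv):
    """Map (client, user) to the user type code from the target system export."""
    rows = csv.DictReader(io.StringIO(users_csv))
    return {(r["client"], r["user"].upper()): r["ustyp"].upper() for r in rows}

def audit_destinations(dest_csv, users_csv):
    """Return (destination, user, reason) for each destination whose stored
    user allows interactive logon or cannot be found in the target client."""
    types = load_user_types(users_csv)
    findings = []
    for d in csv.DictReader(io.StringIO(dest_csv)):
        user = d["user"].strip().upper()
        if not user:
            continue  # no stored user, for example a trust-based destination
        ustyp = types.get((d["client"], user))
        if ustyp is None:
            findings.append((d["destination"], user, "user not found in target client"))
        elif ustyp in INTERACTIVE:
            findings.append((d["destination"], user,
                             f"{USER_TYPES[ustyp]} user allows interactive logon"))
    return findings

if __name__ == "__main__":
    for dest, user, reason in audit_destinations(DESTINATIONS_CSV, USERS_CSV):
        print(f"{dest}: {user}: {reason}")
```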

Configuration

Configuring SSO for system destinations is specific to the SAP NetWeaver technology stack that you use.