Show TOC Start of Content Area

Function documentation Authentication Enhancements with SNC  Locate the document in its SAP Library structure

Use

The use of SNC on the AS ABAP enables you to develop custom authentication enhancements that implement the GSS API V2.

The GSS API V2 is a standard security API, developed by the Internet Engineering Task Force (IETF). You can use it to make application code independent calls to external security providers.

Integration

SNC enables you to use several levels of security protection including authentication, integrity and encryption. The custom authentication enhancement libraries that you develop can implement security protection relevant only to access control and authentication. Alternatively, you can implement several levels of security protection at once.

Prerequisites

      Secure Network Communications (SNC) is activated on the AS ABAP. For more information about activating SNC on the AS ABAP, see Configuring SNC on AS ABAP.

      The external security library must provide the entire functionality defined in the GSS-API V2 interface.

      The functions provided by the external library must be dynamically loadable.

Features

The following section provides information about the architecture of SNC and the integration of external security libraries with SNC.

      Integration of SNC and an External Security Product in SAP Systems

      External Security Products

SNC provides C program interfaces for both external CPIC programs as well as for external RFC programs. For more information, see the following sections:

      Interfaces to External CPIC Programs

      Interfaces to External RFC Programs

Activities

SNC protects the logical link between the end points of a communication. The link is initiated from one side (the initiator) and accepted by the other side (the receiver). For example, when a SAP GUI starts a dialog with the AS ABAP, the SAP GUI is the initiator and the AS ABAP is the receiver.

Both sides of the communication link need to consider the SNC configuration.

Therefore, for the initiator you must specify:

      if the connection should be SNC-protected

      the name of the communication partner

      where its own external library is located

      the protection level to apply

The receiver must specify:

      whether or not only SNC-protected connections should be accepted

      its own SNC name

      where its own external library is located

      which protection levels to accept

Depending on the communication partners and types of communication you want to apply, you need to configure the settings in various places in the R/3 environment.

For more information, see General Comments Pertaining to the SNC Configuration.

 

See also:

 

SNC in the SAP System Architecture

 

End of Content Area