You can provide user credentials to external systems such as remote function calls (RFCs) only if the user is logged on to the J2EE Engine via an X.509 client certificate. You set up user credentials only when using CAF Core entity services configured as external RFC services.
1. Set up certificate authentication in the J2EE Engine
See: Using Client Certificates for User Authentication
2. Associate the client certificate with a given user in the external system
See: Configuring the System for Using X.509 Client Certificates
3. Configure SNC between J2EE and the external system
See: Configuring SNC (SAP J2EE Engine to ABAP Engine)
If the user tries to execute a remote RFC service, for example with a CAF Core service that has a remote persistency using the RFC, then the user certificate will be passed on to the external system. The external system then looks up the user associated to that X.509 certificate and executes the RFC with the credentials provided to a specified user.