Show TOC Start of Content Area

Procedure documentation RFC: TCP/IP Connection - Registered Program  Locate the document in its SAP Library structure

Use

For an RFC call that uses a TCP/IP connection to call a registered program, the AS ABAP is the initiator of the communication and the registered program is the acceptor.

Example

One example of such a connection is the connection from an AS ABAP to an AS Java server. In this case, the AS ABAP uses the Java Connector (JCo) to establish the connection.

Initiator (AS ABAP)

To specify the SNC options for the initiator (AS ABAP), use transaction SM59. See Maintaining RFC Destinations and their SNC Options Using Transaction SM59.

Acceptor (Registered Program)

To apply SNC protection to registered programs that communicate with AS ABAP systems using RFC, you need to specify the SNC options in either the saprfc.ini file or using the program interface in rfclib. This section describes how to specify the information in saprfc.ini. For more information about using rfclib, see C Program Interfaces.

Note

The program may have a user interface for maintaining the parameters. See the program’s documentation for details.

Example

For example, on the AS Java, use the JCo RFC Provider service to make the settings. See Configuring an RFC Destination to use a Secure Network Connection in the AS Java documentation for more information.

Prerequisites

You have to provide or install accepting credentials for the RFC server program. (The procedure for installing credentials depends on the security product that you use.)

Procedure

Set the SNC parameters in saprfc.ini as shown in the table below.

SNC Parameters for RFC from AS ABAP to Start a Registered Program

Parameter

Description

Required or Optional

Permitted Values

Default

SNC_LIB

Path and file name of the gssapi library

Required

String value

None

SNC_MODE

SNC activation indicator

Required

0,1

0=SNC disabled

1=SNC activated

None

SNC_QOP

Quality of protection (protection level)

Optional

1,2,3,8,9

3

SNC_MYNAME

SNC name of the RFC server program

Optional

String value

The SNC name contained in the RFC destination’s SNC options.

Note

You can use the parameter SNC_MYNAME to locally define the name that corresponds to the credentials for the RFC server program. If you do, then make sure that this SNC name corresponds to the SNC name as defined in the SNC options (SNC partner name) for the RFC destination for this server program. If you do not locally define SNC_MYNAME, then the registered program uses the SNC name defined in the RFC destination.

Example

Example destination in the saprfc.ini file:

DEST=ABC_S
TYPE=R
PROGID=host4.srfcserv
GWHOST=host1
GWSERV=sapgw01
SNC_MODE=1  
SNC_MYNAME=p:CN=testuser, OU=TEST01, O=myCompany, C=US
SNC_LIB=C:\SAP_Cryptolib\sapcrypto.dll

Using SNC with Registered Programs

You can only enter one SNC partner name when you enter the SNC options for RFC destinations. Therefore, if two or more programs have the same registered program ID, they must also use the same credentials. This is generally not a problem if the programs are started on the same computer.

However, starting registered programs on different computers is only possible if the same credentials can be used on the different computers. Whether or not this is supported depends entirely on the security product used. Normally, it is not supported and not recommended!

Gateway Operations

See Profile Parameter Settings on the Gateway for information pertaining to SNC with gateway operations.

 

 

End of Content Area