For an RFC call that uses a TCP/IP connection to call a registered program, the AS ABAP is the initiator of the communication and the registered program is the acceptor.
One example of such a connection is the connection from an AS ABAP to an AS Java server. In this case, the AS ABAP uses the Java Connector (JCo) to establish the connection.
To specify the SNC options for the initiator (AS ABAP), use transaction SM59. See Maintaining RFC Destinations and their SNC Options Using Transaction SM59.
To apply SNC protection to registered programs that communicate with AS ABAP systems using RFC, you need to specify the SNC options in either the saprfc.ini file or using the program interface in rfclib. This section describes how to specify the information in saprfc.ini. For more information about using rfclib, see C Program Interfaces.
The program may have a user interface for maintaining the parameters. See the program’s documentation for details.
For example, on the AS Java, use the JCo RFC Provider service to make the settings. See Configuring an RFC Destination to use a Secure Network Connection in the AS Java documentation for more information.
You have to provide or install accepting credentials for the RFC server program. (The procedure for installing credentials depends on the security product that you use.)
Set the SNC parameters in saprfc.ini as shown in the table below.
SNC Parameters for RFC from AS ABAP to Start a Registered Program
Parameter |
Description |
Required or Optional |
Permitted Values |
Default |
SNC_LIB |
Path and file name of the gssapi library |
Required |
String value |
None |
SNC_MODE |
SNC activation indicator |
Required |
0,1 0=SNC disabled 1=SNC activated |
None |
SNC_QOP |
Quality of protection (protection level) |
Optional |
1,2,3,8,9 |
3 |
SNC_MYNAME |
SNC name of the RFC server program |
Optional |
String value |
The SNC name contained in the RFC destination’s SNC options. |
You can use the parameter SNC_MYNAME to locally define the name that corresponds to the credentials for the RFC server program. If you do, then make sure that this SNC name corresponds to the SNC name as defined in the SNC options (SNC partner name) for the RFC destination for this server program. If you do not locally define SNC_MYNAME, then the registered program uses the SNC name defined in the RFC destination.
Example destination in the saprfc.ini file:
DEST=ABC_S |
You can only enter one SNC partner name when you enter the SNC options for RFC destinations. Therefore, if two or more programs have the same registered program ID, they must also use the same credentials. This is generally not a problem if the programs are started on the same computer.
However, starting registered programs on different computers is only possible if the same credentials can be used on the different computers. Whether or not this is supported depends entirely on the security product used. Normally, it is not supported and not recommended!
See Profile Parameter Settings on the Gateway for information pertaining to SNC with gateway operations.