Enabling SNC for SAP Integration Framework 2.0 for SAP S/4 HANA Integration

Enabling SNC for SAP Integration Framework 2.0 for SAP S/4 HANA Integration

In the following sections we assume that you run SAP Integration Framework 2.0 on a Microsoft operating system. 

Downloading and Installing the SAP Cryptographic Library

The SAP Cryptographic Library is the default security product delivered by SAP for performing encryption functions in SAP systems. You can use it to secure RFC connections between SAP S/4 HANA and SAP Integration Framework 2.0.

Prerequisites

You have the permission to download software from SAP Service Marketplace.

Procedure

  1. Download the SAP Cryptographic Library for your operating system from SAP Service Marketplace (service.sap.com/swdc  Support Packages and Patches (S)  SAPCRYPTOLIB) and store the archive on the SAP Integration Framework 2.0 server.
  2. Extract the content of the SAPCRYPTOLIB.SAR archive to an arbitrary and empty folder on the SAP Integration Framework 2.0 server.

NOTE

To extract the .SAP archive, you need the sapcar.exe program. 

If the program is not available on the server, download it from SAP Service Marketplace (service.sap.com/swdc  Support Packages and Patches (S)  SAPCAR).

After extracting the archive file, the folder contains the following:

  1. Possibly some subfolders for operating system versions

To select the suitable subfolder for your operating system version, refer to WHICH.TXT. 

Each subfolder contains the following:

    1. sapcrypto.dll
    2. sapcrypto.lst
    3. sapgenpse.exe
2.  The ticket file that contains the license.
  3.  Some more files with descriptions
  1. On the SAP Integration Framework 2.0 server, create the secudir subfolder in the SAP Integration Framework 2.0 folder. 
  2. Copy the following to the secudir folder:
    1. sapcrypto.dll
    2. sapcrypto.lst
    3. sapgenpse.exe
    4. ticket
Setting the SECUDIR System Variable in the Operating System

If the SECUDIR system environment variable does not already exist, create it for the configuration of the cryptography tool SAPGENPSE.

Procedure

  1. In the Microsoft operating system, choose Start  Control Panel  System and Security  System  Advanced system settings, and choose the New… button.
  2. In the Variable name field, enter SECUDIR.
  3. In the Variable value field, enter the path to the secudir folder on the SAP Integration Framework 2.0 server, for example, C:\Program Files\SAP\SAP Business One integration\secudir.
  4. Choose OK.
Copying the SAP S/4 HANA Server SNC PSE and Creating Credentials

We use the SCN PSE, created in SAP S/4 HANA, for the SAP Integration Framework 2.0 server. 

The SAP Integration Framework 2.0 server must have active credentials at runtime. To create active credentials, use the sapgenpse configuration tool with the seclogin command to open the server PSE.

Prerequisites

The SAP S/4 HANA administrator has provided you with the SNC PSE.

Procedure

  1. Copy the <PSE_NAME>.PSE file to the secudir folder on the SAP Integration Framework 2.0 server.

<PSE_NAME>.PSE is the PSE file that you have received from the SAP S/4 HANA administrator.

  1. To create credentials in the secudir folder, enter the following:

sapgenpse seclogin -p <PSE_NAME>.pse –O SYSTEM

The program displays that it has added credentials for the <PSE_NAME>.PSE. 

Result

In the secudir folder, you find the cred_V2 file.

Setting SNC Parameters in SLD

Enable SNC for the SAP S/4 HANA systems in SLD. 

Prerequisites

The SAP S/4 HANA administrator has provided you with the SNC settings in the SAP S/4 HANA system.

Procedure

  1. To start SAP Integration Framework 2.0, choose Start  All Programs  Integration Framework for SAP Business One  Integration Framework.
  2. To log on, in the Administrative User interface, enter the user name and password.
  3. Choose SLD and select the system entry for the SAP S/4 HANA client.
  4. Choose Edit and Display SNC.
  5. In the RFCA and RFCP sections, add the following entries:

Parameter

Description

SNC_MODE

This parameter enables or disables the SNC model. 

To enable SNC, enter 1.

To disable SNC, enter 0. This is the default.

Enter 1.

SNC_QOP

This parameter defines the quality of protection level.

The following options are available:

  1. Authentication only
  1. Integrity protection
  1. Privacy protection (default)
  1. Use the value from snc/data_protection/use on the application server
  1. Use the value from snc/data_protection/max on the application server
  1. Use the same level as the SAP S/4 HANA administrator.

SNC_MYNAME

Enter the SNC name of the user sending messages using RFC. 

Since we use the same PSE as SAP S/4 HANA, this parameter is identical with the value of SNC_PARTNERNAME. 

SNC_PARTNERNAME

Enter the SNC name of your communication partner.

Since we use the same PSE as SAP S/4 HANA, this parameter is identical with the value of SNC_MYNAME.

SNC_LIB

Enter the path and name of your local SNC library, for example, C:\Program Files\SAP\SAP Business One integration\secudir\sapcrypto.dll.

  1. Save your settings and click the Test Connection button in the RFCA and RFCP section.


Next Step: Master Data Distribution in SAP S/4 HANA in Integration Hub

    • Related Articles

    • Enabling SNC in SAP S/4 HANA for SAP S/4 HANA Integration

      To use the SAP Cryptographic Library (SAPCRYPTOLIB) for SNC, the SAP S/4 HANA server must possess a public and private key pair that is stored in its SNC PSE. It must also be able to identify its communication partners using SNC. Use the procedure ...
    • Enabling Secure Network Communication for SAP S/4 HANA Integration

      Secure Network Communication (SNC) is an application layer in SAP S/4 HANA that provides an interface to an external security product.  To secure RFC connections between SAP S/4 HANA and SAP Integration Framework 2.0, use SNC with the SAP ...
    • SAP S/4 HANA Integration with SAP Business One

      The integration package for integration with SAP S/4 HANA provides you with sample integration content and is addressing partners to rapidly build up their demo and development system. The sample integration content must not be applied as-is into the ...
    • Configuration in SAP Integration Framework 2.0 to connect SAP S/4 HANA

      To enable communication between SAP Integration Framework 2.0 and SAP S/4 HANA, do the following in SAP Integration Framework 2.0: Create a system landscape entry for SAP S/4 HANA with RFCA parameters in the System Landscape Directory Maintain ...
    • Configuration in SAP S/4 HANA to connect with SAP Integration Framework 2.0

      In SAP S/4 HANA check whether there is a client and RFC destination available for the client you want to use for the connection to SAP Integration Framework 2.0. Create a logical system and an RFC destination for SAP Integration Framework 2.0 in SAP ...