Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RFC Trust Relationship - Authentication

Go to solution
Former Member

‎08-10-2010 5:58 PM

0 Kudos

Hello Experts,

Could anyone tell me what really happens behind the scenes when you setup the RFC Trust Relationship on ABAP systems?

Do the trusted system certifcate imported to the trusting system?

Do the systems exchange the certificates/keys while authentication?

Is there any help document available giving more details about what happens behind the scenes of RFC trust relationship configuration and how the single sign on possible?

One on-site consultant said that the systems exchange the certificates, and another consultant said that they exchange keys and the data is encrypted. If there is no SNC enabled how is the data is encrypted.

And also I do not see the trusted system certificate in trusting system "certifcate list".

My assumption is adding 2 systems to RFC trust relationship neither adds trusted system certificate into the trusting system nor exchange keys between systems for RFC Call. The calling system(trusted system) gets authenticated based on S_RFCACL authorization in trusting system.

Please share your thoughts or any relevant help documents

Thanks,

Himadama

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎08-10-2010 9:28 PM

0 Kudos

It depends.

If systems have the same system PSE identity, then they naturally trust each other.

If they don't, then it is config in the SM59 menu.

Either way, the target system of the trust gets to decide who they trust and how much via authorization S_RFCACL.

It is also stronger than S_RFC...

So it is not really authentication: It is authorization to be authenticated against by a system which you "trust".

Cheers,

Julius

3 REPLIES 3

Go to solution
Former Member

‎08-10-2010 9:28 PM

0 Kudos

It depends.

If systems have the same system PSE identity, then they naturally trust each other.

If they don't, then it is config in the SM59 menu.

Either way, the target system of the trust gets to decide who they trust and how much via authorization S_RFCACL.

It is also stronger than S_RFC...

So it is not really authentication: It is authorization to be authenticated against by a system which you "trust".

Cheers,

Julius

Go to solution
Former Member
In response to Former Member

‎09-13-2010 11:36 PM

0 Kudos

When establishing trust relationship "u201CAll the necessary information such as application server name and security key is supplied automaticallyu201D:

http://help.sap.com/saphelp_nw04/helpdata/en/22/042671488911d189490000e829fbbd/content.htm

"The trust relationship between the communicating systems is based on public-key technology and involves storing in specially designated key stores public certificates for trusted systems. "

RFCSECKEY field in RFCSYSACL table in trusting system lists the trusted system keys.

Thanks,

Himadama

Go to solution
Former Member

‎08-13-2010 5:26 PM

0 Kudos

Hi

Please go to this link :

http://help.sap.com/saphelp_nw70ehp1/helpdata/en/47/95443fbee8700fe10000000a42189d/frameset.htm

it also has clear doucmentation and steps to setup a trusted relationship:

pay attention to the following three pointers from the above link for using trusted RFC

"● A user in the target system

● Authorizations for the applications he or she needs to use in the target system

● Authorization for the object S_RFCACL

This authorization object regulates a useru2019s right to log onto a system via a trusted connection"

Regards