Maintain Trust Connection between SAP Systems

Problem

You are using a “Central Hub Deployment” (separate frontend and backend systems) System Landcape and you are not sure if the setup has been done correctly.

Environment

SAP System Setup

Reason

The Trust Connection between the used SAP Systems is used to simplify logon processes across Systems by ensuring Security and minimize the requirements for authentication when logging on to a remote system.

Solution

Generally speaking a trust connection is not mutual, meaning that it applies to one direction only by defining an RFC destination. For PPP use cases a trust connection between Backend system, as the trusting system, and the frontend system, as the trusted system, has to set up correctly.
If a calling SAP system is known to the system being called as the calling system, then no password is required for the logon.

For the defining a Trust Connection the following steps are required, you can also use them as a reference point to check the setup of your systems:

  1. In the backend system, open transaction SM59 and choose Create.
  2. In the RFC Destination field, enter the RFC destination name in the following format: <system id >CLNT<Client>. .
  3. In the Connection Type field, enter 3.
  4. In the Description 1 field, enter an explanatory text
  5. Save your settings.
  6. On tab Technical Settings and Load Balancing select the relevant option according to your system’s settings.
  7. In the Target Host field, enter the (message) server name of the frontend system.
  8. In the System Number field, enter the frontend system number, for example, 00.
  9. Save your settings.
  10. In transaction SMT1 choose Create.
    The wizard for creating trusting relationships displays.
  11. Proceed with the steps outlined in the wizard.
    In the RFC Destination field, enter the RFC destination you created.
    An RFC logon to the frontend system takes place and the necessary information is exchanged between the systems.
  12. Log onto the frontend system using your administrator user and password.
    The trusted entry for the frontend system is displayed.
  13. Save your settings.

It is also required that:

  • End users must have authorization object S_RFCAC assigned to them before they can use a trusted connection.
  • System times / clock settings between trusted System and trusting System have to be synchronized.

Keywords

Login, Connection, Trust, SSO, Single Sign On, System