Hello,
I have a quite challenging non-SAP-to-ABAP RFC scenario with a trust relationship.
Hereu2019s the scenario:
An Oracle database server acts as an RFC client and calls RFC function modules in an ABAP server. (I assume the Oracle programmers are going to use NW RFC SDK 7.1 or JCo 3.0 on the Oracle server and call that from their PL/SQL based database application.)
The challenge is that I donu2019t want to use a single u201Ctechnical useru201D on the ABAP side because that would mean that all the users on the Oracle side would be mapped to one single ABAP user. Also, I donu2019t want to have to store individual ABAP passwords on the Oracle side.
Instead, I want the ABAP server to trust the RFC client the same way it might
a) trust a NetWeaver AS Java server after installing the Java serveru2019s certificate in transaction STRUSTSSO2 or
b) the way it might trust another ABAP server after configuring a trust relationship (transaction SMT1?)
The ABAP server should accept incoming RFC connections from the Oracle RFC client with just the user name and no password given and run the resulting processes in the ABAP system under the user id given in the RFC call.
I imagine the ideal solution somehow along the following lines (simplified scenario for a PC-based prototype):
- I download run a program that creates a certificate file (public key?) which I import into the ABAP system.
- The same program creates a matching file (private key?) for the RFC client.
- For reasons of simplicity, let us imagine the RFC client as a stand-alone Java SE application running on a PC.
- The Java SE application uses the JCo library to connect to the ABAP system.
- When opening the connection, it passes a username, but no password. Instead, it passes a Base64-encoded string that was generated by our key/certificate generator program.
- On the ABAP side, the function modules are run under the username used by the Java SE application when establishing the RFC connection.
Is that possible at all? How would you solve this?
Thank you very much in advance and best regards,
Thorsten