Purpose
We want to use Call ... -currentuser in conjunction with Single Sign On


With Single Sign On in SAP Logon, the -currentuser option does not work without setting the SNC parameters in GuiXT profile. GuiXT will otherwise display a popup window to enter a password.

Solution 1
Execute all RFC functions (Call statements, reading content from SAP Web Repository or SAP MIME reporitory,..) with the currently logged on user. You need to give all GuiXT users the necessary authorizations e.g. for reading the SAP MIME repository.

GuiXT profile:

RfcUser   *
RFcPassword *
RfcCurrentClient Yes
RfcConnect  SNC_MODE=1 SNC_PARTNERNAME="p:CN=&database, O=myCompany, C=XX"

Adjust the SNC_PARTNERNAME parameter according to your system settings. If different conventions are used for different SAP systems, use the ifDatabase option, e.g.


RfcConnect  ifDatabase=PR7 SNC_MODE=1 SNC_PARTNERNAME="p/SECUDE:CN=PR7, O=myCompany, C=DE"

 

Solution 2
Use an RFC user for all general functions such as MIME repository access and for those Call statements which do not require special authorization checks, and use the -currentuser option with SSO for Calls where secured access is necessary.

GuiXT profile:

RfcUser   myrfcuser
RRFcPasswordEnc CTYVQFYXUJYEYTDKGYENXXCEEWMZORYWQ...
RfcCurrentClient Yes
RfcConnect  ifCurrentUser=Yes SCN_MODE=1 SNC_PARTNERNAME="p:CN=&database, O=myCompany, C=XX"


Further if-options

The RfcConnect parameter in the GuiXT profile supports the following options to distinguish RFC connections:

ifDatabase=XXX         // SAP system name XXX
ifClient=XXX              // RFC connection uses client XXX
ifCurrentUser=Yes     // Call statement with -currentuser option
ifAshost=xxxxx        // Application server xxxxx

The options can be combined, for example

ifDatabase=PR6 ifcurrentUser=Yes  SNC_MODE=1 ...

 

Further SNC-options
All SAP SNC options are supported, although in most cases SNC_MODE= and SNC_PARTNERNAME= will be sufficient. For details please see the SAP documentation.

SNC_MODE=1              // 1:SNC active  0:inactive
SNC_PARTNERNAME=  // SNC name of target SAP system

SNC_QOP=8                 // Level of protection 1,2,3,8,9
SNC_LIB=                     // Path to SAP security library, set by environment variable
SNC_MYNAME=            // SNC name of user, set by the security library

 

Firewall settings 
RFC normally uses the port 33XX where XX ist the SAP system number. With SNC, RFC uses the port 48XX (configurable).

 

Components
InputAssistant