I would recommend to use STS, we did it for our systems.
Here are some information:
Secure Network Communication (SNC)
a. This was available in XI3.1 and is available in BI4.0
b. Used with unv or direct BEx queries
c. Establishes a two-way trust between BW and BOBJ with a certificate exchange
d. Server side only (does not work with client tools such as UDT)
Security Token Service (STS)
- New in BI4+
- Used with BICS and unx (any technology new to BI4)
- Trust is established with a BOBJ cert provided to BW and a matching keystore provided in the CMS
- Works with client tools such as IDT
More Info:
Both SNC and STS are password-less SSO mechanisms that rely on the established trust.
SNC and STS can be used together in a BI4 environment for SSO to BW.
Default keystore validity period is 1 year. This means that the process will need to be repeated after the keystore expiration. This validity period can be adjusted (see KBA/knowledge list below)
KBA/Additional Knowledge:
1650872 - When to use SNC and when to use STS?
1396213 - How-To: Access BusinessObjects documents based on SAP data sources without providing SAP username and/or password (SNC Configuration)
1500150 - Troubleshooting SNC server trust connectivity in business Objects XI 3.x (SNC Troubleshooting)
1670073 - How -To: Generate keystore and certificate in the process of configuring STS for SAP BI4.0 (STS Setup)
1621540 - Error with STS connections while SNC is configured (only required if both SNC and STS are in use in the same BOBJ system)
1920571 - How to set the validity period for a keystore when configuring STS SSO STS Setup Wiki
Thanks,
Tilak