Securing the Server
To integrate CAF and KM systems, you use the Document and DocContent data services from CAF. By default, access to these services is not sufficiently protected. This means that any user who successfully authenticated to AS Java can potentially access the metadata of deployed CAF applications, as well as the Web services used for integration with KM in an undesired way.
To secure the access to the data services used in the integration scenario, we strongly recommend that you follow the configuration procedures below. The configuration procedure does not interrupt the operation of your CAF applications.
You have updated the KM AS Java to the latest SAP NetWeaver support package.
Preparing the Server on the CAF Side
- Log on to the SAP NetWeaver Administrator, using the following URL: http:<host>:<port>/nwa
- Choose Configuration → Security → Authentication and Single Sign-On → Authentication →Components.
- Select the sap.com/caf~km~ear*CAFDataService_Config component.
- Switch to edit mode and set Used template to none.
- Add EvaluateAssertionTicketLoginModule. Modify it as follows:
- Move it to the first position.
- Set Flag to SUFFICIENT.Note
You have to execute these steps for all of the client CAF AS Java of a particular KM AS Java.
Preparing the Client on the KM Side
More information: http://help.sap.com/saphelp_nw70ehp1/helpdata/en/d6/ceb82a00da4c18b2832b6bc545a521/frameset.htm
Securing the Server on the CAF Side
1. Log on to the SAP NetWeaver Administrator, using the following URL: http:<host>:<port>/nwa .
2. Choose Configuration → Security → Authentication and Single Sign-On → Authentication →Components.
3. Select the sap.com/caf~km~ear*CAFDataService_Config component.
4. Switch to edit mode and set Used template to evaluate_assertion_ticket.
You have to execute these steps for all of the client CAF AS Java of a particular KM AS Java.
Securing the Server on the KM Side
More information: http://help.sap.com/saphelp_nw70ehp1/helpdata/en/d6/ceb82a00da4c18b2832b6bc545a521/frameset.htm