Configuring the CAF KM Web Services on the CAF Side
You need to configure the Web services on both the client and the server side, that is, the CAF and the KM systems. The procedure below describes what you need to do on the CAF system.
You have logged on to SAP NetWeaver Administrator using the following URL: http://<host>:<port>/nwa .
- To configure the CAF system to trust signing certificates issued by the Certificate Authority of the KM system in the SAP NetWeaver Administrator, choose Configuration → Security → Authentication → Login Modules.
- Add the following options to EvaluateTicketLoginModule and EvaluateAssertionTicketLoginModule:
| Name | Value |
|---|---|
|
ume.configuration.active |
True |
|
trustedsys |
<the name of the KM JEE system>,000 ( For example: F07,000 ) |
|
trustediss |
<the distinguished name of the issuer from the ticket certificate of the KM system> (this is the value of the field issuer DN as shown in the Visual Administrator or Issuer name as shown in the SAP NetWeaver Administrator); for example: OU=J2EE,CN=F07 ) |
|
trusteddn |
<the distinguished name of the subject from the ticket certificate of the KM system> (this is the value of the field DN as shown in the Visual Administrator or Subject name as shown in the SAP NetWeaver Administrator; for example: OU=J2EE,CN=F07 ) |
In the previous step, if the trustedsys , trustediss and trusteddn options are already used for trusting another system, you may use trustedsys1 , trustediss1 and trusteddn1 , or trustedsys2 , trustediss2 and trusteddn2 .
- To secure the CAFDataAccess Web service, choose Configuration → Security →Authentication and Single Sign-On. ChooseAuthentication → Components.
- Find the policy configuration sap.com/caf~km~ear*CAFDataService_Config and set on Authentication Stack the value of the field Used Template to ticket.