
Configuring UME Policies and Authentication Templates

Use

Before you can configure Single Sign-On for the CAF repository manager, you must first set up the policy configurations of the security provider in the Application Server Java (AS Java). You do this to restrict and manage access to resources deployed on the AS Java.

Procedure

Configuring the SAP NetWeaver Portal UME Policy for SAP NetWeaver 7.0

 

       1.      Log on to Visual Administrator.

       2.      Choose Global Configuration → Security Provider → Runtime → Policy Configuration.

       3.      Open the Security Roles tab page of each of the following policy configurations:

                            a.      Add your guest group Guests to the view-creator security role of policy configuration keystore-view.TicketKeystore.

                            b.      Add the group Everyone to the view-creator security role of policy configuration keystore-view.securestorage.

                            c.      Add the Guests group to the KeystoreViewsCreator security role of policy configuration of the J2EE Engine.

Configuring the SAP NetWeaver Portal Authentication Template

 

       1.      Choose Server Node → Services → Security Provider.

       2.      Open the Runtime tab page and then the Policy Configuration tab page.

Note

Make sure the ticket template has the following login modules:

Login Modules                  Flag
EvaluateTicketLoginModule      SUFFICIENT
BasicPasswordLoginModule       REQUISITE
CreateTicketLoginModule        OPTIONAL

       3.      Modify the EvaluateTicketLoginModule and CreateTicketLoginModule options with the following properties:

       • trustedsys: <a unique name issued by the user>, 000

For example: EP6,000

       • trustediss: <a unique name issued by the user>

For example: CN=EP6, OU=EPTeam, O=SAP Trust Community, C=DE

       • trusteddn: <a unique name issued by the user>

For example: CN=EP6, OU=EPTeam, O=SAP Trust Community, C=DE

Note

You can find the values for the trusteddn and trustediss properties in the portal certificate, in the “DN of owner” and “DN of issuer” fields. If you have to set up SSO authentication with more than one portal, you should add this property for each portal, using a suffix at the end of the property name.

For example, trustedsys1 or trustedsys2.

       4.      For the components

       sap.com/caf~km.ep.kmnodesvc*KMBaseServiceStdrWS_Config1

       sap.com/caf~km.ep.kmnodesvc*KMNodeServiceSnrdWS_Config1

       sap.com/caf~km.ep.kmnodesvc*KMRelationServiceStdrWS_Config1

configure the following login modules:

Login Modules                          Flag
EvaluateAssertionTicketLoginModule     SUFFICIENT
EvaluateTicketLoginModule              SUFFICIENT
BasicPasswordLoginModule               SUFFICIENT
CreateTicketLoginModule                SUFFICIENT

All except BasicPasswordLoginModule must have the following options set:

       • trustedsys: <a unique name issued by the user>, 000

For example: C42,000

       • trustediss: <a unique name issued by the user>

For example: OU-J2EE,CN=C42

       • trusteddn: <a unique name issued by the user>

For example: OU-J2EE,CN=C42

       • ume.configuration.active: true
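The flags in the two login module tables above decide which logon paths succeed and which modules are reached. The following is an added example, not SAP code: it traces both stacks with a small model of the standard JAAS control flags, assuming the AS Java evaluates the stack with those semantics. The function name evaluate_stack and the outcome dictionaries are constructed for illustration.

```python
# Model of standard JAAS control-flag evaluation (assumption: the AS Java
# processes a login module stack this way). Added example, not SAP code.

TICKET_TEMPLATE = [  # stack from the ticket template table on this page
    ("EvaluateTicketLoginModule", "SUFFICIENT"),
    ("BasicPasswordLoginModule", "REQUISITE"),
    ("CreateTicketLoginModule", "OPTIONAL"),
]
CAF_KM_WS_STACK = [  # stack for the caf~km.ep.kmnodesvc components
    ("EvaluateAssertionTicketLoginModule", "SUFFICIENT"),
    ("EvaluateTicketLoginModule", "SUFFICIENT"),
    ("BasicPasswordLoginModule", "SUFFICIENT"),
    ("CreateTicketLoginModule", "SUFFICIENT"),
]

def evaluate_stack(stack, outcomes):
    """Return (authenticated, modules_run). outcomes maps a module name to
    True if its login() succeeds; missing modules count as failing."""
    mandatory_present = any(f in ("REQUIRED", "REQUISITE") for _, f in stack)
    mandatory_failed = False
    any_success = False
    ran = []
    for module, flag in stack:
        ok = outcomes.get(module, False)
        ran.append(module)
        any_success = any_success or ok
        if flag in ("REQUIRED", "REQUISITE") and not ok:
            mandatory_failed = True
            if flag == "REQUISITE":
                break  # REQUISITE failure ends processing immediately
        elif flag == "SUFFICIENT" and ok and not mandatory_failed:
            break  # SUFFICIENT success ends processing immediately
    if mandatory_failed:
        return False, ran
    # With no REQUIRED/REQUISITE module, at least one module must succeed.
    return (True if mandatory_present else any_success), ran

if __name__ == "__main__":
    cases = {  # constructed logon scenarios
        "valid logon ticket": {"EvaluateTicketLoginModule": True},
        "password only": {"BasicPasswordLoginModule": True,
                          "CreateTicketLoginModule": True},
        "no valid credential": {},
    }
    for name, stack in (("ticket", TICKET_TEMPLATE), ("caf-km-ws", CAF_KM_WS_STACK)):
        for label, outcomes in cases.items():
            print(name, "|", label, "|", evaluate_stack(stack, outcomes))
```

In this model the ticket template reaches CreateTicketLoginModule only after a successful password logon, while the all-SUFFICIENT stack stops at the first module that succeeds.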

 
