1. Log on to SAP NetWeaver Administrator.
2. Choose Configuration Management → Security → Authentication and open the Login Modules tab page.
3. Make sure that login modules EvaluateAssertionTicketLoginModule and EvaluateTicketLoginModule have the following options set:
¡ ume.configuration.active: true
¡ trustedsys: <a unique name issued by the user>, 000
For example: F49,000
○ trustediss: <a unique name issued by the user>
For example: OU-J2EE,CN=F49
○ trusteddn: <a unique name issued by the user>
For example: OU-J2EE,CN=F49
4. Save your settings.
5. Navigate to the home page of SAP NetWeaver Administrator and choose SOA Management → Business Administration →Web Services Administration.
6. In the Value field, enter sap.com/caf~runtime~ear_com.sap.caf.km.datasvc.ejb_CAFDataServiceVi and choose Go.
7. Select the service from the list and open the Configuration tab page.
8. On the Service Endpoints tab page, select the endpoint and open the Security tab page.
9. Make sure you have configured the following options:
○ Transport Protocol is set to HTTP.
○ For HTTP Authentication, Logon Ticket is enabled.
○ For Message Authentication, SAML Assertion is enabled.
If you have problems configuring the CAF Authentication Template, you can use the Diagtool for Troubleshooting Security Configuration.
10. Navigate to the home page of SAP NetWeaver Administrator and choose SOA Management → Technical Configuration → Destination Template Management.
11. Open the Security tab page for the following destinations:
○ KMBaseServiceStdrWSVi_Document
○ KMNodeServiceSndrWSVi_Document
○ KMRelationSvcStdrWSVi_Document
and set HTTP Authentication and LogonTicket as Authentication properties.