To ensure that CAF and KM services are available to one another in KM, you must first provide user credentials to each external service you are using. To do this, you use Single Sign-On (SSO2) authentication.
After a user has logged on, the Application Server Java (AS Java) system encodes user information using private signing keys and sets up a SSO2 logon ticket (cookie with encoded user credentials). Other systems must have imported a signing certificate from each specific system to decrypt such information. Therefore, a signing certificate must be imported for each system that should be trusted.
1. Log on to the CAF AS Java Visual Administrator tool.
2. Navigate to Cluster →Server → Services → Key Storage →Runtime → TicketKeyStore
3. Select the certificate used to sign authentication tickets. By default, this is SAPLogonTicketKeypair-cert.
4. Choose Export.
5. Save the certificate to a local directory under an appropriate name.
For example: CAF-ticket-cert.crt.
1. Log on to the KM AS Java Visual Administrator tool.
2. Navigate to Cluster →Server → Services → Key Storage →Runtime → TicketKeyStore
3. Select the certificate used to sign authentication tickets. By default, this is SAPLogonTicketKeypair-cert.
4. Choose Export.
5. Save the certificate to a local directory under an appropriate name.
For example: KM-ticket-cert.crt.
1. Log on to the KM AS Java Visual Administrator tool.
2. Navigate to Cluster →Server → Services → Key Storage →Runtime → TicketKeyStore.
3. Choose Load.
4. Select the CAF certificate that was exported in Exporting the CAF AS Java Signing Certificate above.
For example: CAF-ticket-cert.crt.
1. Log on to the CAF AS Java Visual Administrator tool.
2. Navigate to Cluster →Server → Services → Key Storage →Runtime → TicketKeyStore.
3. Choose Load.
4. Select the KM certificate that was exported in Exporting the KM AS Java Signing Certificate above.