Show TOC Start of Content Area

Procedure documentation Securing the Server  Locate the document in its SAP Library structure

Use

To integrate CAF and KM systems, you use the Document and DocContent data services from CAF. By default, access to these services is not sufficiently protected. This means that any user, who successfully authenticated to AS Java, can potentially access the metadata of deployed CAF applications, as well as to the web services used for integration with KM in an undesired way.

To secure the access to the data services used in the integration scenario, we strongly recommend that you follow the configuration procedures below. The configuration procedure does not interrupt the operation of your CAF applications..

Procedure

Securing the Server on the CAF Side

Preparing the server on the CAF Side

...

       1.         Log on to the CAF AS Java Visual Administrator.

       2.      Choose Cluster    Server    Services    Security Provider    Runtime    Policy Configuration.

       3.      Select the sap.com/caf~runtime~ear*CAFDataService_config component.

       4.      Set Authentication  Authentication template to no.

       5.      Add EvaluateAssertionTicketLoginModule. Modify it in the following way:

                            a.      Set Position to 1.

                            b.      Set Flag to SUFFICIENT.

                            c.      Copy all the options from the EvaluateTicketLoginModule.

Note

You have to execute these steps for all of the client CAF AS Java of a particular KM AS Java.

Preparing the Client on the KM

...

       1.      Log on to the KM AS Java Visual Administrator tool.

       2.      Go to Cluster    Server    Services    Destinations    Runtime    Destinations/Web Service   sap.com/caf~km.proxies/com.sap.caf.proxies.CAFDataService/ConfigPort_Rpc_enc.

       3.      Set Authentication to Assertion Ticket.

Securing the server on the CAF Side

...

       1.      Log on to the CAF AS Java Visual Administrator tool.

       2.      Navigate to Cluster    Server   Services    Security Provider    Runtime    Policy Configuration.

       3.      Set Authentication    Authentication template  to evaluate_assertion_ticket for the following components:

¡        sap.com/caf~km.ep.kmcollaborationsvc*KMCollaborationSvcStrdWS_Config1

¡        sap.com/caf~km.ep.kmindexsearchsvc*KMIndexSvcStdrWS_Config1

¡        sap.com/caf~km.ep.kmnodesvc*KMBaseServiceStdrWS_Config1

¡        sap.com/caf~km.ep.kmnodesvc*KMNodeServiceSnrdWS_Config1

¡        sap.com/caf~km.ep.kmnodesvc*KMNodeServiceStrdWS_Config1

¡        sap.com/caf~km.ep.kmnodesvc*KMRelationSvcStdrWS_Config1

¡        sap.com/caf~km.ep.kmnotifsvc*KMNotificationSvcStrdWS_Config1

¡        sap.com/caf~km.ep.uploadsvc*CleanJobSnrdWS_Config1

¡        sap.com/caf~runtime~ear*CAFDataService_config

 Note

You have to execute these steps for all of the client CAF AS Java of a particular KM AS Java.

Securing the Server on the KM Side

Preparing the Server on the KM Side

1.   Log on to KM AS Java Visual Administrator.

2.   Navigate to Cluster    Server    Services    Security Provider    Runtime    Policy Configuration.

3.   Set Authentication    Authentication template  to evaluate_assertion_ticket for the following components:

       sap.com/caf~km.ep.kmcollaborationsvc*KMCollaborationSvcStrdWS_Config1

       sap.com/caf~km.ep.kmindexsearchsvc*KMIndexSvcStdrWS_Config1

       sap.com/caf~km.ep.kmnodesvc*KMBaseServiceStdrWS_Config1

       sap.com/caf~km.ep.kmnodesvc*KMNodeServiceSnrdWS_Config1

       sap.com/caf~km.ep.kmnodesvc*KMNodeServiceStrdWS_Config1

       sap.com/caf~km.ep.kmnodesvc*KMRelationSvcStdrWS_Config1

       sap.com/caf~km.ep.kmnotifsvc*KMNotificationSvcStrdWS_Config1

       sap.com/caf~km.ep.uploadsvc*CleanJobSnrdWS_Config1

       sap.com/caf~runtime~ear*CAFDataService_config

Preparing the Client on the CAF Side

...

       1.      Log on to the CAF AS Java Visual Administrator tool.

       2.      Navigate to Cluster    Server    Services    Destinations    Runtime    Destinations/Web Service.

       3.      Set authentication to Assertion Ticket for all of the following destinations:

       sap.com/caf~km.proxies/com.sap.caf.km.proxies.strdsvc.index.KMIndexSvc/Config1Port_Document

       sap.com/caf~km.proxies/com.sap.caf.km.proxies.strdsvc.kmbasesvc.KMBasesvc/Config1Port_Document

       sap.com/caf~km.proxies/com.sap.caf.km.proxies.strdsvc.kmcleanjob.CleanJobSvc/Config1Port_Document

       sap.com/caf~km.proxies/com.sap.caf.km.proxies.strdsvc.kmcoll.KMCollaborationSvc/Config1Port_Document

       sap.com/caf~km.proxies/com.sap.caf.km.proxies.strdsvc.kmnode.KMNodeService/Config1Port_Document

       sap.com/caf~km.proxies/com.sap.caf.km.proxies.strdsvc.kmnotif.KMNotificationSvc/Config1Port_Document

       sap.com/caf~km.proxies/com.sap.caf.km.proxies.strdsvc.kmrelation.KMRelationSvc/Config1Port_Document

4.   Navigate to Cluster    Server    Services    Configuration Adapter    Runtime    Display Configuration.

5.   Navigate to the application configuration properties:

apps    sap.com    caf~runtime~ear   appcfg    Propertysheet application.global.properties

6.   Switch to Edit mode and change the value of the USE_NEW_KM_WEBSERVICES property to true.

  Note

You have to execute these steps for all of the client CAF AS Java of a particular KM AS Java.

Securing the Server on the KM Side

1.   Log on to the KM portal with http://<host>:<port>/irj.

2.   Navigate to System Administration   System Configuration    Service Configuration    Applications    sap.com~caf~km.ep.repmanager   Services  CAFRepManager    Configure.

3.   Change the disable_old_webservices property to true and choose Save.

4.   Go to sap.com~caf~km.ep.repmanager    Administrate and restart the application.

 

End of Content Area