To integrate CAF and KM systems, you use the Document and DocContent data services from CAF. By default, access to these services is not sufficiently protected. This means that any user who has successfully authenticated to AS Java can potentially access, in an undesired way, the metadata of deployed CAF applications as well as the web services used for integration with KM.
To secure access to the data services used in the integration scenario, we strongly recommend that you follow the configuration procedures below. The configuration procedure does not interrupt the operation of your CAF applications.
...
1. Log on to the CAF AS Java Visual Administrator.
2. Choose Cluster → Server → Services → Security Provider → Runtime → Policy Configuration.
3. Select the sap.com/caf~runtime~ear*CAFDataService_config component.
4. Set Authentication → Authentication template to no.
5. Add EvaluateAssertionTicketLoginModule. Modify it in the following way:
a. Set Position to 1.
b. Set Flag to SUFFICIENT.
c. Copy all the options from the EvaluateTicketLoginModule.
You have to execute these steps on every client CAF AS Java of a particular KM AS Java.
...
1. Log on to the KM AS Java Visual Administrator tool.
2. Go to Cluster → Server → Services → Destinations → Runtime → Destinations/Web Service → sap.com/caf~km.proxies/com.sap.caf.proxies.CAFDataService/ConfigPort_Rpc_enc.
3. Set Authentication to Assertion Ticket.
...
1. Log on to the CAF AS Java Visual Administrator tool.
2. Navigate to Cluster → Server → Services → Security Provider → Runtime → Policy Configuration.
3. Set Authentication → Authentication template to evaluate_assertion_ticket for the following components:
○ sap.com/caf~km.ep.kmcollaborationsvc*KMCollaborationSvcStrdWS_Config1
○ sap.com/caf~km.ep.kmindexsearchsvc*KMIndexSvcStdrWS_Config1
○ sap.com/caf~km.ep.kmnodesvc*KMBaseServiceStdrWS_Config1
○ sap.com/caf~km.ep.kmnodesvc*KMNodeServiceSnrdWS_Config1
○ sap.com/caf~km.ep.kmnodesvc*KMNodeServiceStrdWS_Config1
○ sap.com/caf~km.ep.kmnodesvc*KMRelationSvcStdrWS_Config1
○ sap.com/caf~km.ep.kmnotifsvc*KMNotificationSvcStrdWS_Config1
○ sap.com/caf~km.ep.uploadsvc*CleanJobSnrdWS_Config1
○ sap.com/caf~runtime~ear*CAFDataService_config
You have to execute these steps on every client CAF AS Java of a particular KM AS Java.
1. Log on to KM AS Java Visual Administrator.
2. Navigate to Cluster → Server → Services → Security Provider → Runtime → Policy Configuration.
3. Set Authentication → Authentication template to evaluate_assertion_ticket for the following components:
○ sap.com/caf~km.ep.kmcollaborationsvc*KMCollaborationSvcStrdWS_Config1
○ sap.com/caf~km.ep.kmindexsearchsvc*KMIndexSvcStdrWS_Config1
○ sap.com/caf~km.ep.kmnodesvc*KMBaseServiceStdrWS_Config1
○ sap.com/caf~km.ep.kmnodesvc*KMNodeServiceSnrdWS_Config1
○ sap.com/caf~km.ep.kmnodesvc*KMNodeServiceStrdWS_Config1
○ sap.com/caf~km.ep.kmnodesvc*KMRelationSvcStdrWS_Config1
○ sap.com/caf~km.ep.kmnotifsvc*KMNotificationSvcStrdWS_Config1
○ sap.com/caf~km.ep.uploadsvc*CleanJobSnrdWS_Config1
○ sap.com/caf~runtime~ear*CAFDataService_config
...
1. Log on to the CAF AS Java Visual Administrator tool.
2. Navigate to Cluster → Server → Services → Destinations → Runtime → Destinations/Web Service.
3. Set authentication to Assertion Ticket for all of the following destinations:
○ sap.com/caf~km.proxies/com.sap.caf.km.proxies.strdsvc.index.KMIndexSvc/Config1Port_Document
○ sap.com/caf~km.proxies/com.sap.caf.km.proxies.strdsvc.kmbasesvc.KMBasesvc/Config1Port_Document
○ sap.com/caf~km.proxies/com.sap.caf.km.proxies.strdsvc.kmcleanjob.CleanJobSvc/Config1Port_Document
○ sap.com/caf~km.proxies/com.sap.caf.km.proxies.strdsvc.kmcoll.KMCollaborationSvc/Config1Port_Document
○ sap.com/caf~km.proxies/com.sap.caf.km.proxies.strdsvc.kmnode.KMNodeService/Config1Port_Document
○ sap.com/caf~km.proxies/com.sap.caf.km.proxies.strdsvc.kmnotif.KMNotificationSvc/Config1Port_Document
○ sap.com/caf~km.proxies/com.sap.caf.km.proxies.strdsvc.kmrelation.KMRelationSvc/Config1Port_Document
4. Navigate to Cluster → Server → Services → Configuration Adapter → Runtime → Display Configuration.
5. Navigate to the application configuration properties:
apps → sap.com → caf~runtime~ear → appcfg → Propertysheet application.global.properties
6. Switch to Edit mode and change the value of the USE_NEW_KM_WEBSERVICES property to true.
You have to execute these steps on every client CAF AS Java of a particular KM AS Java.
1. Log on to the KM portal with http://<host>:<port>/irj.
2. Navigate to System Administration → System Configuration → Service Configuration → Applications → sap.com~caf~km.ep.repmanager → Services → CAFRepManager → Configure.
3. Change the disable_old_webservices property to true and choose Save.
4. Go to sap.com~caf~km.ep.repmanager → Administrate and restart the application.
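Because the steps repeat on every client CAF AS Java, a hand-kept record of what was set on each system can be checked against the target state. The following is an added example, not SAP code: it covers the evaluate_assertion_ticket templates, the CAF destinations and the two properties from the procedures above, and the inventory layout, the system names and the sample values are assumptions (nothing is read from AS Java).

```python
# Target state transcribed from the procedures above (component and destination names are the page's).
TEMPLATE = "evaluate_assertion_ticket"
COMPONENTS = """
sap.com/caf~km.ep.kmcollaborationsvc*KMCollaborationSvcStrdWS_Config1
sap.com/caf~km.ep.kmindexsearchsvc*KMIndexSvcStdrWS_Config1
sap.com/caf~km.ep.kmnodesvc*KMBaseServiceStdrWS_Config1
sap.com/caf~km.ep.kmnodesvc*KMNodeServiceSnrdWS_Config1
sap.com/caf~km.ep.kmnodesvc*KMNodeServiceStrdWS_Config1
sap.com/caf~km.ep.kmnodesvc*KMRelationSvcStdrWS_Config1
sap.com/caf~km.ep.kmnotifsvc*KMNotificationSvcStrdWS_Config1
sap.com/caf~km.ep.uploadsvc*CleanJobSnrdWS_Config1
sap.com/caf~runtime~ear*CAFDataService_config
""".split()
_PROXY = "sap.com/caf~km.proxies/com.sap.caf.km.proxies.strdsvc.%s/Config1Port_Document"
DESTINATIONS = [_PROXY % s for s in (
    "index.KMIndexSvc", "kmbasesvc.KMBasesvc", "kmcleanjob.CleanJobSvc",
    "kmcoll.KMCollaborationSvc", "kmnode.KMNodeService",
    "kmnotif.KMNotificationSvc", "kmrelation.KMRelationSvc")]

def expected(role):
    """Settings a system must have; role is 'caf' (client CAF) or 'km'."""
    if role not in ("caf", "km"):
        raise ValueError(f"unknown role: {role!r}")
    want = {("template", c): TEMPLATE for c in COMPONENTS}
    if role == "caf":
        want.update({("destination", d): "Assertion Ticket" for d in DESTINATIONS})
        want[("property", "USE_NEW_KM_WEBSERVICES")] = "true"
    else:
        want[("property", "disable_old_webservices")] = "true"
    return want

def audit(systems):
    """Return (system, kind, name, found) for every missing or wrong setting."""
    findings = []
    for name, info in systems.items():
        seen = info.get("settings", {})
        for (kind, key), value in expected(info["role"]).items():
            found = seen.get((kind, key))  # None: the setting was never recorded
            if found != value:
                findings.append((name, kind, key, found))
    return sorted(findings, key=lambda f: (f[0], f[1], f[2]))

def sample_inventory():
    """Constructed sample: caf01 and km01 are complete, caf02 was only partly done."""
    drift = expected("caf")
    drift[("template", COMPONENTS[-1])] = "ticket"      # constructed wrong value
    del drift[("property", "USE_NEW_KM_WEBSERVICES")]   # step never recorded
    return {"caf01": {"role": "caf", "settings": expected("caf")},
            "caf02": {"role": "caf", "settings": drift},
            "km01": {"role": "km", "settings": expected("km")}}
```

Calling `audit(sample_inventory())` reports two findings, both on caf02; a setting that was never written down is reported with `None`, so a skipped system shows up rather than passing silently.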