Setting up the Security Policy Enforcement Point (PEP) sample

Before the Security Policy Enforcement Point (PEP) sample flow can be deployed, four security profiles must be created in the integration node. The following section provides two methods for creating the required security profiles. You can either import the sample and run the scripts provided or, you can run the integration node commands manually and use the import and deploy action, provided in this topic.

When you have finished with the sample, you can remove the configurable properties, see Removing the security profile configurable services.

If you have imported the sample:

To create the security profiles follow these steps:

  1. Open the command console for the IBM Integration Bus runtime.
  2. The batch files to create the security profiles are set up in SecurityProfiles in the SecurityPEPNodeSampleApplicationProject project.
  3. To ensure that the profiles have been successfully created, run the following command: 
    mqsireportproperties IB9NODE -c SecurityProfiles -o AllReportableEntityNames -r
  4. You must create an integration server named SecurityPEPNodeSampleExecutionGroup, and deploy the SecurityPEPNodeSample.bar BAR file.

If you want to use the import and deploy option to use the sample:

To create the security profiles follow these steps:

  1. Open the command console for the IBM Integration Bus runtime.
  2. Use the following commands to create the security profiles: 
    mqsicreateconfigurableservice IB9NODE -c SecurityProfiles 
-o PEPSAMPLE_HTTP_UPA1_EMUL -n authentication,authenticationConfig 
-v "WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator"
    mqsicreateconfigurableservice IB9NODE -c SecurityProfiles -o PEPSAMPLE_PEP_UPA1A2_EMUL 
-n authentication,authenticationConfig,authorization,authorizationConfig 
-v "WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator",
"WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator"
    mqsicreateconfigurableservice IB9NODE -c SecurityProfiles 
-o PEPSAMPLE_PEP_MAPUP2SAML2.0_EMUL -n mapping,mappingConfig -v 
"WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator"
    mqsicreateconfigurableservice IB9NODE -c SecurityProfiles 
-o PEPSAMPLE_HTTP_SAMLA1_EMUL -n authentication,authenticationConfig 
-v "WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator"
  3. To ensure that the profiles have been successfully created, run the following command: 
    mqsireportproperties IB9NODE -c SecurityProfiles -o AllReportableEntityNames -r
  4. You can now import and deploy the sample by clicking the following link.

    The import and deploy option imports the sample files into your workspace and deploys the sample to the integration server SecurityPEPNodeSampleExecutionGroup. This option also sets up additional resources for the sample, for example WebSphere MQ queues.

    You can import and deploy a sample only when you use the information center that is integrated with the IBM Integration Toolkit.

After you have deployed the sample, you can run the Security Policy Enforcement Point (PEP) sample, see Running the Security Policy Enforcement Point (PEP) sample.

Removing the security profile configurable services

When you have finished with the sample, you can remove the security profile configurable services by running the following commands:

mqsideleteconfigurableservice IB9NODE -c SecurityProfiles -o PEPSAMPLE_HTTP_SAMLA1_EMUL
mqsideleteconfigurableservice IB9NODE -c SecurityProfiles -o PEPSAMPLE_HTTP_UPA1_EMUL
mqsideleteconfigurableservice IB9NODE -c SecurityProfiles -o PEPSAMPLE_PEP_MAPUP2SAML2.0_EMUL
mqsideleteconfigurableservice IB9NODE -c SecurityProfiles -o PEPSAMPLE_PEP_UPA1A2_EMUL

You can also delete the security profile configurable services by using the Security Profiles editor in the IBM Integration Explorer, see Deleting a configurable service in the IBM Integration Bus documentation.

Back to sample home