Before the Security Policy Enforcement Point (PEP) sample flow can be deployed, four security profiles must be created in the integration node. The following section provides two methods for creating the required security profiles. You can either import the sample and run the scripts provided or, you can run the integration node commands manually and use the import and deploy action, provided in this topic.
When you have finished with the sample, you can remove the configurable properties, see Removing the security profile configurable services.
To create the security profiles follow these steps:
mqsireportproperties IB9NODE -c SecurityProfiles -o AllReportableEntityNames -r
To create the security profiles follow these steps:
mqsicreateconfigurableservice IB9NODE -c SecurityProfiles -o PEPSAMPLE_HTTP_UPA1_EMUL -n authentication,authenticationConfig -v "WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator"
mqsicreateconfigurableservice IB9NODE -c SecurityProfiles -o PEPSAMPLE_PEP_UPA1A2_EMUL -n authentication,authenticationConfig,authorization,authorizationConfig -v "WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator", "WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator"
mqsicreateconfigurableservice IB9NODE -c SecurityProfiles -o PEPSAMPLE_PEP_MAPUP2SAML2.0_EMUL -n mapping,mappingConfig -v "WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator"
mqsicreateconfigurableservice IB9NODE -c SecurityProfiles -o PEPSAMPLE_HTTP_SAMLA1_EMUL -n authentication,authenticationConfig -v "WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator"
mqsireportproperties IB9NODE -c SecurityProfiles -o AllReportableEntityNames -r
The import and deploy option imports the sample files into your workspace and deploys the sample to the integration server SecurityPEPNodeSampleExecutionGroup. This option also sets up additional resources for the sample, for example WebSphere MQ queues.
You can import and deploy a sample only when you use the information center that is integrated with the IBM Integration Toolkit.
After you have deployed the sample, you can run the Security Policy Enforcement Point (PEP) sample, see Running the Security Policy Enforcement Point (PEP) sample.
When you have finished with the sample, you can remove the security profile configurable services by running the following commands:
mqsideleteconfigurableservice IB9NODE -c SecurityProfiles -o PEPSAMPLE_HTTP_SAMLA1_EMUL mqsideleteconfigurableservice IB9NODE -c SecurityProfiles -o PEPSAMPLE_HTTP_UPA1_EMUL mqsideleteconfigurableservice IB9NODE -c SecurityProfiles -o PEPSAMPLE_PEP_MAPUP2SAML2.0_EMUL mqsideleteconfigurableservice IB9NODE -c SecurityProfiles -o PEPSAMPLE_PEP_UPA1A2_EMUL
You can also delete the security profile configurable services by using the Security Profiles editor in the IBM Integration Explorer, see Deleting a configurable service in the IBM Integration Bus documentation.