Configuring the SecurityPEP node

Configure the SecurityPEP node to run the message flow security manager at any point in the message flow.

About this task

When you have put an instance of the SecurityPEP node into a message flow, you can configure it; see Configuring a message flow node. The properties of the node are displayed in the Properties view. All mandatory properties that do not have a default value defined are marked with an asterisk.

To configure the SecurityPEP node, set the following properties.

Procedure

  1. Optional: On the Description tab, enter a Short description, a Long description, or both. You can also rename the node on this tab.
  2. On the Basic tab, set values for the properties that control the extraction of an identity or security token from a message. These properties take effect only when a security profile is associated with the node.
    • Select an option from the Identity token type list to specify the type of identity in the incoming message tree. If you leave this property at its default (Current token), no new token is extracted from the message; the token type already present in the identity source or identity mapped fields of the Properties folder is used.

      If Current token is selected, the Identity token location and Identity password location fields are disabled.

    • In Identity token location, enter the XPath expression, ESQL field reference, or string literal that specifies where, in the message, the identity or token is located. If you use a string literal, it must be enclosed in single quotes and must not contain a period (.).

      This property is disabled if the Identity token type property is set to Current token.

    • In Identity password location, enter the XPath expression, ESQL field reference, or string literal that specifies where, in the message, the password can be found. If you use a string literal, it must be enclosed in single quotes and must not contain a period (.).

      This option can be set only if the Identity token type is set to Username + Password.

      This property is disabled if the Identity token type property is set to Current token.

    • In Identity issuedBy location, enter the XPath expression, ESQL field reference, or string literal that specifies where, in the message, the issuer value is located. If you use a string literal, it must be enclosed in single quotes and must not contain a period (.).

      If the associated security profile specifies a WS-Trust v1.3 STS provider (for example, TFIM V6.2) and this field is left blank, no WS-Trust Issuer Address element is included in the WS-Trust request.

  3. On the Advanced tab, set the properties to override the default settings for a WS-Trust v1.3 STS. These properties can be set only if the security profile associated with the SecurityPEP node specifies a WS-Trust v1.3 STS.
    • Use the WS-Trust Applies-To Address property to specify the Address for the /wst:RequestSecurityToken/wsp:AppliesTo element of the WS-Trust message. You can use this property to provide the URI of the service for which the security token is to be validated or issued.

      You can specify this value as an ESQL field reference, an XPath expression, or a string literal. If you use a string literal, it must be enclosed in single quotes and must not contain a period (.).

      By default, this value is a URI for the fully qualified name of the message flow, in the form uri:Brokername.Integration Server Name.Message Flow Name.

    • Use the WS-Trust Applies-To Service property to specify the Service Name for the /wst:RequestSecurityToken/wsp:AppliesTo element of the WS-Trust message. You can use this property to provide the Service Name of the service for which the security token is to be validated or issued.

      You can specify this value as an ESQL field reference, an XPath expression, or a string literal. If you use a string literal, it must be enclosed in single quotes and must not contain a period (.).

      By default, this value is left blank, which means that the WS-Trust request does not include this element.

    • Use the WS-Trust Applies-To PortType property to specify the Port Type for the /wst:RequestSecurityToken/wsp:AppliesTo element of the WS-Trust message. You can use this property to provide the Port Type of the service for which the security token is to be validated or issued.

      You can specify this value as an ESQL field reference, an XPath expression, or a string literal. If you use a string literal, it must be enclosed in single quotes and must not contain a period (.).
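The following Python script is an added example and is not IBM code: it models what the Basic and Advanced tab properties control so that a configuration can be checked off-line before it is deployed. resolve_location applies the location rules from the steps above (blank, a single-quoted string literal with no period, or an XPath), extract_identity applies them to a constructed sample SOAP message (or, for Current token, reads the Properties folder fields instead), and build_rst shows which elements a WS-Trust 1.3 RequestSecurityToken gains or loses as the Applies-To Address, Service, PortType and issuer properties are set or left blank. The WS-Addressing 2004/08 namespace used for ServiceName and PortType, the Validate RequestType, the IdentitySource* Properties folder field names and all sample data are assumptions made for this example; XPath evaluation uses ElementTree's limited XPath subset rather than the runtime's XPath engine.

```python
"""Added example (not IBM's code): models the SecurityPEP node's Basic and
Advanced tab properties so a configuration can be checked off-line."""
import re
import xml.etree.ElementTree as ET

# WS-Trust 1.3, WS-Policy and WS-Addressing namespaces used in the RST message.
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSA = "http://www.w3.org/2005/08/addressing"
# Assumption: ServiceName and PortType are carried as WS-Addressing 2004/08
# elements inside the EndpointReference; the exact form the node emits is not
# documented on this page.
WSA04 = "http://schemas.xmlsoap.org/ws/2004/08/addressing"

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
NS = {"soap": SOAP, "wsse": WSSE}   # prefixes usable in location XPaths

# Constructed sample inbound SOAP message carrying a WS-Security UsernameToken.
SAMPLE_MESSAGE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}">
  <soap:Header>
    <wsse:Security>
      <wsse:UsernameToken>
        <wsse:Username>alice</wsse:Username>
        <wsse:Password>s3cret</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body><Order id="42"/></soap:Body>
</soap:Envelope>"""

# A string-literal location must be single-quoted and must not contain a period.
_LITERAL = re.compile(r"^'([^'.]*)'$")


def resolve_location(root, location):
    """Resolve a *location property: blank -> None, 'literal' -> literal, else XPath."""
    if location is None or not location.strip():
        return None
    location = location.strip()
    match = _LITERAL.match(location)
    if match:
        return match.group(1)
    if location.startswith("'"):
        raise ValueError(f"{location!r}: literal must be single-quoted and contain no period")
    node = root.find(location, NS)          # ElementTree's limited XPath subset
    if node is None or node.text is None:
        raise ValueError(f"{location!r} did not select a value in the message")
    return node.text.strip()


def extract_identity(message, token_type, token_location=None,
                     password_location=None, issued_by_location=None,
                     properties=None):
    """Apply the Basic tab settings and return the identity handed to the
    security manager. token_type is the Identity token type list value."""
    if token_type == "Current token":
        # Location properties are disabled: reuse the Properties folder fields
        # populated upstream (IdentitySource* names assumed for the example).
        props = properties or {}
        return {"type": props.get("IdentitySourceType"),
                "token": props.get("IdentitySourceToken"),
                "password": props.get("IdentitySourcePassword"),
                "issuedBy": props.get("IdentitySourceIssuedBy")}
    root = ET.fromstring(message)
    identity = {"type": token_type,
                "token": resolve_location(root, token_location),
                "password": None,
                "issuedBy": resolve_location(root, issued_by_location)}
    if token_type == "Username + Password":   # password location valid only here
        identity["password"] = resolve_location(root, password_location)
    return identity


def default_applies_to(node_name, server_name, flow_name):
    """Default WS-Trust Applies-To Address: uri:<node>.<server>.<flow>."""
    return f"uri:{node_name}.{server_name}.{flow_name}"


def build_rst(applies_to_address, applies_to_service=None,
              applies_to_port_type=None, issued_by=None):
    """Build the WS-Trust 1.3 RequestSecurityToken shaped by the Advanced tab.
    Blank Service, PortType or issuer values omit their elements entirely."""
    rst = ET.Element(f"{{{WST}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = f"{WST}/Validate"  # assumed
    epr = ET.SubElement(ET.SubElement(rst, f"{{{WSP}}}AppliesTo"),
                        f"{{{WSA}}}EndpointReference")
    ET.SubElement(epr, f"{{{WSA}}}Address").text = applies_to_address
    if applies_to_service:
        ET.SubElement(epr, f"{{{WSA04}}}ServiceName").text = applies_to_service
    if applies_to_port_type:
        ET.SubElement(epr, f"{{{WSA04}}}PortType").text = applies_to_port_type
    if issued_by:
        issuer = ET.SubElement(rst, f"{{{WST}}}Issuer")
        ET.SubElement(issuer, f"{{{WSA}}}Address").text = issued_by
    return rst


def rst_elements(rst):
    """Local names of every element in the RST, in document order."""
    return [el.tag.split("}")[1] for el in rst.iter()]


if __name__ == "__main__":
    ident = extract_identity(
        SAMPLE_MESSAGE, "Username + Password",
        "soap:Header/wsse:Security/wsse:UsernameToken/wsse:Username",
        "soap:Header/wsse:Security/wsse:UsernameToken/wsse:Password", "'TFIM'")
    rst = build_rst(default_applies_to("NODE1", "default", "OrderFlow"),
                    issued_by=ident["issuedBy"])
    print(ident)
    print(ET.tostring(rst).decode())
```

Running the script prints the extracted identity and an RST whose AppliesTo carries only the default flow URI, with an Issuer element present because issuedBy was supplied as a literal; clear the issuedBy argument and the Issuer element disappears, which is the blank-field behaviour described for WS-Trust v1.3 profiles above.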