To configure CICS® to use SAML, first configure the JVM server by customizing and installing the sample JVM server profile, then install the CSD group in the appropriate CICS regions.
Before you begin
You must identify the regions where you want to deploy the CICS Security Token Service (STS). Install the STS in regions without any application code. If you have application code in the region where you will be validating your SAML token, define the STS remotely. You might also choose to define the region remotely if you prefer to separate regions that run Java™ code from other regions. Another reason for having a separate region for the STS is that you could define that region with its own keyring, which contains only those certificates that are required for signature validation and signing SAML tokens.
About this task
CICS provides a linkable interface called DFHSAML. The interface allows CICS web services pipelines and applications to validate and extract information from SAML assertions. CICS support for SAML requires a JVM server that is installed and configured on your system.
Procedure
- Create a JVM server profile for the JVM server.
  You can copy the appropriate supplied profile, DFHJVMST, from the installation directory to the directory that is specified by the JVMPROFILEDIR system initialization parameter.
- Install CSD group DFHSAML in the chosen configuration:
  - Install DFHSAML in the region that is chosen to run the STS.
  - If you want to use SAML remotely, define a remote program definition for DFHSAML pointing to the region that runs the STS.

  Note: If you are using your own JVM server definition, copy DFHSAML, customize this group, and install the customized group instead of the DFHSAML group. The new group must point to your own JVM server definition. All programs that call the security token extensions support must create DFHSAML JVMSERVER containers with the name of their JVM server.
Results
CICS is configured for SAML.
What to do next
You can validate your configuration, as described in Validating your configuration of CICS for SAML.