Validating your configuration of CICS for SAML

A sample is provided, which you can use to verify that CICS® is configured correctly for SAML. Two programs are provided, which can be compiled and then invoked through a transaction.

Before you begin

You must configure your JVM server, as described in Configuring CICS for SAML.

About this task

A sample is provided in CSD group DFH$SAML, which contains a program definition for sample programs, a transaction, and a template. You can use this sample to validate your configuration. When you compile and deploy the sample application, it provides an example SAML token assertion to be processed by the CICS security token extensions. The application is started by a CICS transaction.

Procedure

  1. Optional: If you customized and installed a JVM server with a name other than DFHXSTS, update program DFH0XST2 to reflect the new server name.
  2. Compile the programs DFH0XST1 and DFH0XST2, which are in the samples library, SDFHSAMP. For information about compiling COBOL programs, see Batch compilation for COBOL programs.
  3. Install the group DFH$SAML in a region that calls the DFHSAML program.
  4. Run transaction XST1.

Results

If the sample transaction XST1 runs successfully, SAML support is configured correctly.

The sample outputs the parsed containers into TSQ DFH0XSTO.

To look at these containers, use CEBR DFH0XSTO.

If the installation validation is not successful, the DFHSAML-RESPONSE container contains a return code that indicates the reason. For more information about container response codes, see SAML support containers.

If an abend code is returned, read the sample for further information.

What to do next

  • You can replace the sample SAML token with your own. Create and install a DOCTEMPLATE resource definition that names the file that contains your SAML token. Specify the 48-byte TEMPLATENAME of this DOCTEMPLATE after the transaction identifier when you run the sample:
    XST1 templatename
    If no templatename is specified, the default TEMPLATENAME of DFH0XSTI is used.
  • If you want to use signature validation, update program DFH0XST2. For more information, see the comments within that program.
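
The token-replacement step above, written out as a terminal sequence. This is an added example, not part of the IBM sample: the resource name MYSAMLTK, the group MYSAML, and the z/OS UNIX path are hypothetical, and it assumes the token is held in a z/OS UNIX file (HFSFILE) that the CICS region user ID can read.

```text
Step 1. Define the DOCTEMPLATE in your own group (MYSAMLTK, MYSAML and the path are hypothetical):

  CEDA DEFINE DOCTEMPLATE(MYSAMLTK) GROUP(MYSAML) TEMPLATENAME(MYSAMLTK) HFSFILE(/u/cicsusr/saml/mytoken.xml)

Step 2. Install the definition in the region where DFH$SAML is installed:

  CEDA INSTALL DOCTEMPLATE(MYSAMLTK) GROUP(MYSAML)

Step 3. Run the sample against your token instead of the default DFH0XSTI:

  XST1 MYSAMLTK

Step 4. Browse the parsed containers that the sample wrote to the TSQ:

  CEBR DFH0XSTO
```

If the run fails, check the return code in the DFHSAML-RESPONSE container as described under Results.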