SAML sample programs

CICS® provides two COBOL programs and other necessary CICS artefacts as part of a SAML sample that you can use to verify that CICS is configured correctly for SAML. The COBOL programs can be compiled and then invoked through a transaction for validating your configuration.

About the SAML sample

The SAML sample is provided in CSD group DFH$SAML, which contains a program definition for sample programs, a transaction, and a template. You can use this sample to validate your configuration. When you compile and deploy the sample application, it provides an example SAML token assertion to be processed by the CICS security token extensions. The application is started by a CICS transaction.

The two COBOL sample programs for the SAML sample are in the samples library SDFHSAMP.

Prerequisites for the SAML sample

You must configure your JVM server for SAML. For instructions, see Configuring CICS for SAML.

Setting up the SAML sample

  1. If you customized and installed a JVM server with a name other than DFHXSTS, update program DFH0XST2 to reflect the new server name.
  2. Compile the programs DFH0XST1 and DFH0XST2. For information about compiling COBOL programs, see Batch compilation for COBOL programs.
  3. Install the group DFH$SAML in a region that calls the DFHSAML program.

Running the SAML sample

You can run transaction XST1 to validate your CICS configuration for SAML.

Results:

If the sample transaction XST1 runs successfully, SAML support is configured correctly.

The sample generates the parsed containers into TSQ DFH0XSTO.

To view these containers, use CEBR DFH0XSTO.

If the installation validation is not successful, the DFHSAML-RESPONSE container contains a return code that indicates the reason. For more information about container response codes, see SAML support containers.

If an abend code is returned, read the source of the sample programs for further information.

Extending the SAML sample

You can replace the sample SAML token with your own. Create and install a DOCTEMPLATE resource definition that names the file that contains your SAML token. Specify this DOCTEMPLATE's 48-byte TEMPLATENAME after the transaction identifier when you run the sample:

XST1 templatename

If no templatename is specified, the default TEMPLATENAME of DFH0XSTI is used.

If you want to use signature validation, update program DFH0XST2. For more information, see the comments within that program.
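Before you point XST1 at your own token, it helps to rule out problems with the token itself, so that a failed run can be attributed to the CICS configuration. The following pre-flight check is an added example, not part of the CICS sample or IBM's code; it assumes a SAML 2.0 assertion, and the function name `preflight`, the template name `MYSAMLTOKEN` and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
MAX_TEMPLATENAME = 48  # TEMPLATENAME length stated on this page

# Constructed sample assertion, not the DFH0XSTI token shipped with CICS
SAMPLE = b"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2030-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Conditions NotBefore="2030-01-01T00:00:00Z" NotOnOrAfter="2030-01-01T01:00:00Z"/>
</saml:Assertion>"""

def _ts(value):
    # SAML instants are UTC xs:dateTime values such as 2030-01-01T00:00:00Z
    t = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return t if t.tzinfo else t.replace(tzinfo=timezone.utc)

def preflight(token, templatename, now, require_signature=False):
    """Return a list of problems; an empty list means the token looks usable."""
    problems = []
    if not 1 <= len(templatename) <= MAX_TEMPLATENAME:
        problems.append("templatename must be 1-48 characters")
    if b"<!DOCTYPE" in token:  # a SAML token has no need for a DTD
        return problems + ["DOCTYPE present: refusing to parse"]
    try:
        root = ET.fromstring(token)
    except ET.ParseError as exc:
        return problems + [f"not well-formed XML: {exc}"]
    tag = "{%s}Assertion" % NS["saml"]
    assertion = root if root.tag == tag else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return problems + ["no SAML 2.0 Assertion element"]
    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < _ts(nb):
            problems.append("token not yet valid (NotBefore)")
        if noa and now >= _ts(noa):
            problems.append("token expired (NotOnOrAfter)")
    if require_signature and assertion.find("ds:Signature", NS) is None:
        problems.append("no ds:Signature element in the assertion")
    return problems
```

Pass `require_signature=True` when you have updated DFH0XST2 for signature validation, so that an unsigned test token is caught before the transaction runs.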