Security Policy Enforcement Point (PEP) sample

The Security Policy Enforcement Point (PEP) sample demonstrates how to use the SecurityPEP node as the Policy Enforcement Point in a message flow. The SecurityPEP node enables authentication and authorization of user name and password tokens, and mapping to a SAML 2.0 assertion for a service request.

This sample contains a message flow that emulates the invoked WS-Trust v1.3 Security Token Server (STS) and security operations.

You can extend the sample by setting up IBM Tivoli Federated Identity Manager (TFIM) v6.2 as the external WS-Trust v1.3 STS for the sample; see Extending the Security Policy Enforcement Point (PEP) sample.

This sample also includes step-by-step information so that you can set up TFIM as the external security provider for the authentication, authorization, and mapping of the security operations.

You can either import the sample, set up the security profiles, and then deploy the sample, or you can set up the security profiles, and then import and deploy the sample.

Before the sample is deployed to the integration node, you must create the integration node security profiles; see Setting up the Security Policy Enforcement Point (PEP) sample.

NOTE: In WebSphere Message Broker Version 8.0 or IBM Integration Bus V9.0 and later, message model schema files contained in libraries are the preferred way to model messages for most data formats, including the new DFDL domain. Message sets continue to be supported, and are required if you use the MRM or IDOC domains. You can continue to import and deploy message sets for use in message flows. However, if you need to create one or more message sets, message definitions, or message categories when using this sample, you must first enable message set development in the IBM Integration Toolkit. For more information, see Enabling message set development in the IBM Integration Bus documentation.

Click the following links to find out more about the sample and how to run the sample by using the wizards.

Import and deploy: 5 minutes

Read about the sample

You can import the sample by clicking the following link:

Setup instructions: You can complete this task after you have used the import option for the sample. Note: You must complete these steps before you can deploy the sample.

You can import a sample only when you use the information center that is integrated with the IBM Integration Toolkit.

Run the sample

Extend the sample

When you have finished with the sample, you can remove it in one of the following ways:

When you have finished with the sample, you can also delete the security profile configurable services; see Removing the security profile configurable services.