Setting up the Security Policy Enforcement Point (PEP) sample

Before the Security Policy Enforcement Point (PEP) sample flow can be deployed, four security profiles must be created in the Broker. This topic provides two methods for creating the required security profiles. You can either import the sample and run the scripts provided, or you can run the Broker commands manually and then use the import and deploy action provided in this topic.

When you have finished with the sample, you can remove the security profile configurable services; see Removing the security profile configurable services.

If you have imported the sample:

To create the security profiles, follow these steps:

  1. Open the command console for the broker runtime.
  2. Run the batch files that create the security profiles. They are set up in SecurityProfiles in the SecurityPEPNodeSampleApplicationProject project.
  3. To ensure that the profiles have been successfully created, run the following command:
    mqsireportproperties MB8BROKER -c SecurityProfiles -o AllReportableEntityNames -r
    
  4. You must create an execution group named SecurityPEPNodeSampleExecutionGroup, and deploy the SecurityPEPNodeSample.bar BAR file.

If you want to use the import and deploy option:

To create the security profiles, follow these steps:

  1. Open the command console for the broker runtime.
  2. Use the following broker commands to create the security profiles:
    mqsicreateconfigurableservice MB8BROKER -c SecurityProfiles -o PEPSAMPLE_HTTP_UPA1_EMUL -n authentication,authenticationConfig -v "WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator"
    mqsicreateconfigurableservice MB8BROKER -c SecurityProfiles -o PEPSAMPLE_PEP_UPA1A2_EMUL -n authentication,authenticationConfig,authorization,authorizationConfig -v "WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator","WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator"
    mqsicreateconfigurableservice MB8BROKER -c SecurityProfiles -o PEPSAMPLE_PEP_MAPUP2SAML2.0_EMUL -n mapping,mappingConfig -v "WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator"
    mqsicreateconfigurableservice MB8BROKER -c SecurityProfiles -o PEPSAMPLE_HTTP_SAMLA1_EMUL -n authentication,authenticationConfig -v "WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator"

  3. To ensure that the profiles have been successfully created, run the following command:
    mqsireportproperties MB8BROKER -c SecurityProfiles -o AllReportableEntityNames -r
    
  4. You can now import and deploy the sample by clicking the following link.

    The import and deploy option imports the sample files into your workspace and deploys the sample to the broker execution group SecurityPEPNodeSampleExecutionGroup. This option also sets up additional resources for the sample, for example WebSphere MQ queues.

    You can import and deploy a sample only when you use the information center that is integrated with the WebSphere Message Broker Toolkit.

After you have deployed the sample, you can run the Security Policy Enforcement Point (PEP) sample; see Running the Security Policy Enforcement Point (PEP) sample.
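
The check in step 3 of both procedures can be scripted. The following is an added example, not part of the sample or the product documentation: a shell function that reads the mqsireportproperties report and lists any of the four profiles that are missing. It assumes a UNIX-style broker command environment and relies only on the profile names appearing in the report; the function names and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that all four PEP sample security profiles exist.

# Profile names taken from the mqsicreateconfigurableservice commands in this topic.
EXPECTED_PROFILES="PEPSAMPLE_HTTP_UPA1_EMUL
PEPSAMPLE_PEP_UPA1A2_EMUL
PEPSAMPLE_PEP_MAPUP2SAML2.0_EMUL
PEPSAMPLE_HTTP_SAMLA1_EMUL"

# missing_profiles (hypothetical helper): reads report text on stdin and prints
# each expected profile name that is absent. Returns 0 only if none are missing.
missing_profiles() {
    report=$(cat)
    rc=0
    for name in $EXPECTED_PROFILES; do
        # -F: literal match, so the "." in SAML2.0 is not a regex wildcard
        # -w: whole-word match, so a longer, similar name cannot satisfy the check
        if ! printf '%s\n' "$report" | grep -qFw -- "$name"; then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    return $rc
}

# sample_report (hypothetical helper): CONSTRUCTED input, not captured broker
# output. One profile name is mistyped ("2X0" instead of "2.0") to show why
# the match must be literal.
sample_report() {
    cat <<'EOF'
SecurityProfiles
  PEPSAMPLE_HTTP_UPA1_EMUL
  PEPSAMPLE_PEP_UPA1A2_EMUL
  PEPSAMPLE_PEP_MAPUP2SAML2X0_EMUL
  PEPSAMPLE_HTTP_SAMLA1_EMUL
EOF
}

# Usage against a live broker (the command from step 3):
#   mqsireportproperties MB8BROKER -c SecurityProfiles \
#       -o AllReportableEntityNames -r | missing_profiles
```

A non-zero return value means at least one profile was not created, so the deploy in step 4 should not be attempted yet.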

Removing the security profile configurable services

When you have finished with the sample, you can remove the security profile configurable services by running the following commands:

mqsideleteconfigurableservice MB8BROKER -c SecurityProfiles -o PEPSAMPLE_HTTP_SAMLA1_EMUL
mqsideleteconfigurableservice MB8BROKER -c SecurityProfiles -o PEPSAMPLE_HTTP_UPA1_EMUL
mqsideleteconfigurableservice MB8BROKER -c SecurityProfiles -o PEPSAMPLE_PEP_MAPUP2SAML2.0_EMUL
mqsideleteconfigurableservice MB8BROKER -c SecurityProfiles -o PEPSAMPLE_PEP_UPA1A2_EMUL

You can also delete the security profile configurable services by using the Security Profiles editor in the WebSphere Message Broker Explorer; see Deleting a configurable service in the WebSphere Message Broker documentation.
