Before the Security Policy Enforcement Point (PEP) sample flow can be deployed, four security profiles must be created in the Broker. The following section provides two methods for creating the required security profiles. You can either import the sample and run the scripts provided or, you can run the Broker commands manually and use the import and deploy action, provided in this topic.
When you have finished with the sample, you can remove the configurable properties, see Removing the security profile configurable services.
To create the security profiles follow these steps:
mqsireportproperties MB8BROKER -c SecurityProfiles -o AllReportableEntityNames -r
To create the security profiles follow these steps:
mqsicreateconfigurableservice MB8BROKER -c SecurityProfiles -o PEPSAMPLE_HTTP_UPA1_EMUL -n authentication,authenticationConfig -v "WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator"
mqsicreateconfigurableservice MB8BROKER -c SecurityProfiles -o PEPSAMPLE_PEP_UPA1A2_EMUL -n authentication,authenticationConfig,authorization,authorizationConfig -v "WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator", "WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator"
mqsicreateconfigurableservice MB8BROKER -c SecurityProfiles -o PEPSAMPLE_PEP_MAPUP2SAML2.0_EMUL -n mapping,mappingConfig -v "WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator"
mqsicreateconfigurableservice MB8BROKER -c SecurityProfiles -o PEPSAMPLE_HTTP_SAMLA1_EMUL -n authentication,authenticationConfig -v "WS-Trust v1.3 STS","http://localhost:7080/SecurityPEPNodeSample/STSEmulator"
mqsireportproperties MB8BROKER -c SecurityProfiles -o AllReportableEntityNames -r
The import and deploy option imports the sample files into your workspace and deploys the sample to the broker execution group SecurityPEPNodeSampleExecutionGroup. This option also sets up additional resources for the sample, for example WebSphere MQ queues.
You can import and deploy a sample only when you use the information center that is integrated with the WebSphere Message Broker Toolkit.
After you have deployed the sample, you can run the Security Policy Enforcement Point (PEP) sample, see Running the Security Policy Enforcement Point (PEP) sample.
When you have finished with the sample, you can remove the security profile configurable services by running the following commands:
mqsideleteconfigurableservice MB8BROKER -c SecurityProfiles -o PEPSAMPLE_HTTP_SAMLA1_EMUL mqsideleteconfigurableservice MB8BROKER -c SecurityProfiles -o PEPSAMPLE_HTTP_UPA1_EMUL mqsideleteconfigurableservice MB8BROKER -c SecurityProfiles -o PEPSAMPLE_PEP_MAPUP2SAML2.0_EMUL mqsideleteconfigurableservice MB8BROKER -c SecurityProfiles -o PEPSAMPLE_PEP_UPA1A2_EMUL
You can also delete the security profile configurable services by using the Security Profiles editor in the WebSphere Message Broker Explorer, see Deleting a configurable service in the WebSphere Message Broker documentation.