Running the Security Policy Enforcement Point (PEP) sample

Before you can deploy the sample, you must have created the security profiles, as detailed in Setting up the Security Policy Enforcement Point (PEP) sample. When the security profiles have been created, you can deploy and run the sample.

You can run the sample by using the following input messages:

Run the Security Policy Enforcement Point (PEP) sample with a TestMessage_UP_A1A2.xml input message

The Security Policy Enforcement Point (PEP) sample demonstrates how a user name and password identity in the input message can be authenticated and authorized at a SecurityPEP node.

  1. In the Application Development view, expand SecurityPEPNodeSampleApplicationProject > Flow Tests and double-click SecurityPEPNodeSampleFlow_UP_A1A2.mbtest to open the file in the Test Client.
  2. In the Events tab, click Send Message. This message is sent to the HTTP_ID HTTPInput node.
  3. The expected output message is:
    <?xml version="1.0" encoding="UTF-8"?>
    <Envelope>
    <Body>
    <MessageIdentity>
    <Username>broker01</Username>
    <Password>password01</Password>
    <IssuedBy>Issuer1</IssuedBy>
    <DemonstrateTokenType>UP</DemonstrateTokenType>
    <Status>UPA1A2_Successful</Status>
    </MessageIdentity>
    </Body>
    </Envelope>
    

Run the Security Policy Enforcement Point (PEP) sample with a TestMessage_UPA1_MAP2SAML2.0_A1.xml input message

The Security Policy Enforcement Point (PEP) sample demonstrates how a user name and password identity in the input message can be authenticated at an HTTPInput node and mapped to SAML 2.0.

The mapped SAML 2.0 content is forwarded in a message to a service that is implemented in another message flow. That flow contains a SecurityPEP node that invokes validation of the SAML content.

  1. In the Application Development view, expand SecurityPEPNodeSampleApplicationProject > Flow Tests and double-click SecurityPEPNodeSampleFlow_UPA1_MAP2SAML2_A1.mbtest to open the file in the Test Client.
  2. In the Events tab, click Send Message. The message is sent to the HTTP_ID HTTPInput node.
  3. The expected output message is:
    <SAML>
    <Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
    xmlns:xs="http://www.w3.org/2001/XMLSchema" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    ID="Assertion-uuidfb27f9fa-0127-1712-b05a-9d8ed95980ec" 
    IssueInstant="2010-04-14T07:10:53Z" Version="2.0">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
    UsernamePasswordToSAML2.0
    </saml:Issuer>
    <saml:Subject>
    <saml:NameID>NewPwd1</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2010-04-14T07:00:53Z" 
    NotOnOrAfter="2010-04-15T07:10:53Z">
    <saml:AudienceRestriction>
    <saml:Audience>PEP_UP2SAML2</saml:Audience>
    </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2010-04-14T07:10:53Z">
    <saml:AuthnContext>
    <saml:AuthnContextClassRef>
    urn:oasis:names:tc:SAML:2.0:ac:classes:Password
    </saml:AuthnContextClassRef>
    </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement>
    <saml:Attribute Name="FirstName">
    <saml:AttributeValue xsi:type="xs:string">
    FirstNameHere
    </saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Surname">
    <saml:AttributeValue  xsi:type="xs:string">
    SurnameHere
    </saml:AttributeValue>
    </saml:Attribute>
    </saml:AttributeStatement>
    </Assertion>
    <Status>SAMLA1 Successful</Status>
    </SAML>
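
The validity-window and audience checks that SAML 2.0 defines for the Conditions element, applied to an assertion like the one above. This is an added Python example, not part of the IBM sample and not the SecurityPEP node's implementation. The names `check_assertion` and `parse_instant`, the `skew` and `require_signature` parameters, and the trimmed input are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed input: the expected output above, trimmed to the elements checked here.
SAMPLE = """<SAML><Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 ID="Assertion-uuidfb27f9fa-0127-1712-b05a-9d8ed95980ec"
 IssueInstant="2010-04-14T07:10:53Z" Version="2.0">
<saml:Subject><saml:NameID>NewPwd1</saml:NameID></saml:Subject>
<saml:Conditions NotBefore="2010-04-14T07:00:53Z" NotOnOrAfter="2010-04-15T07:10:53Z">
<saml:AudienceRestriction><saml:Audience>PEP_UP2SAML2</saml:Audience></saml:AudienceRestriction>
</saml:Conditions></Assertion><Status>SAMLA1 Successful</Status></SAML>"""

def parse_instant(stamp):
    # SAML instants are UTC, in the form 2010-04-14T07:10:53Z
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, audience, now, skew=timedelta(0), require_signature=False):
    """Return a list of problems found; an empty list means every check passed."""
    root = ET.fromstring(xml_text)  # for untrusted input use a hardened parser, e.g. defusedxml
    # The sample output leaves the Assertion element unprefixed, so match on local name.
    assertion = next((e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "Assertion"), None)
    if assertion is None:
        return ["no Assertion element"]
    problems = []
    if assertion.get("Version") != "2.0":
        problems.append("Version is not 2.0")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        problems.append("no Conditions element")
    else:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")  # both are optional
        if nb and now + skew < parse_instant(nb):
            problems.append("not yet valid")
        if noa and now - skew >= parse_instant(noa):  # upper bound is exclusive
            problems.append("expired")
        audiences = [(a.text or "").strip() for a in cond.iterfind(".//saml:Audience", NS)]
        if audience not in audiences:
            problems.append("audience mismatch")
    # Presence check only: this does not verify the XML signature.
    if require_signature and assertion.find("ds:Signature", NS) is None:
        problems.append("no ds:Signature element")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "PEP_UP2SAML2", parse_instant("2010-04-14T07:10:53Z")))
```

With `require_signature=True` the sample assertion is reported as carrying no `ds:Signature` element, which matches the expected output shown above.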
    

Run the Security Policy Enforcement Point (PEP) sample with a TestMessage_UP_A1_failure.xml input message

The Security Policy Enforcement Point (PEP) sample demonstrates how a security failure, caused by the input message containing an unknown identity, is handled.

If you want to extend the sample to interact with your security trust server, for example a TFIM server, you must first configure the sample to use the server. To configure the sample to use an external system, see Extending the Security Policy Enforcement Point (PEP) sample.
