TEC Workbook - IBM
__3. Double-click the yellow outlined AAA action to configure it.
__4. The AAA processing action references an AAA Policy. Click the plus (+) sign next to the AAA Policy dropdown to create a new AAA policy.
__5. For the AAA Policy Name, type: MyAaaPolicy
__6. Click the Create button.
IBM Software
The next page identifies how to extract the user’s identity (and optionally password) from the message.
For this exercise, we’ll indicate that the identity will be in a WS-Security Username Token element.
__7. Select: Password-carrying UsernameToken Element from WS-Security Header.
__8. Click the Next button.
Now you’ll identify how to authenticate the user.
__9. Select: Bind to Specified LDAP Server. When you make the selection, LDAP-specific configuration parameters will be displayed.
__10. In the Host field, type: demoserver
__11. Change the LDAP version to: v3
__12. In the LDAP Suffix field, carefully type: ou=members,ou=datapower,dc=ibmdemo,dc=com
__13. Click the Next button.
Now you will define how to extract the resource. Since the message is a SOAP request, you can expect
that the first element in the SOAP body contains the operation being requested. In XPath terms, this is
referred to as the Local Name of the Request Element.
__14. In the Extract Resource form, check: Local Name of Request Element
__15. Click the Next button.
__16. For the authorization phase, leave the default set to: Allow Any Authenticated Client.
__17. Click the Next button.
The last page of the AAA policy configuration wizard gives you the option of performing various
post-processing tasks. One powerful post-processing task is to perform security protocol mediation such as
creating a Kerberos/SPNEGO token or generating a signed SAML assertion. For this lab, just leave
everything with the default values.
__18. Click the Commit button to save the new AAA policy.
__19. Click the Done button to dismiss the success window.
__20. Make sure MyAaaPolicy is selected in the AAA Policy field, and then click Done.
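To make the wizard's choices concrete, the following added example (not part of the workbook and not DataPower code) derives the same three values from a constructed SOAP request: the identity from the UsernameToken, the LDAP bind DN, and the resource as the local name of the request element. It assumes the bind DN is formed as prefix + username + "," + suffix with a cn= prefix, which the page does not show; the user, password and operation names are made up.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
LDAP_SUFFIX = "ou=members,ou=datapower,dc=ibmdemo,dc=com"  # value typed in step 12
LDAP_PREFIX = "cn="  # assumption: the prefix field is not shown on the page

# Constructed sample request; user, password and operation are made up.
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}">
  <soap:Header><wsse:Security><wsse:UsernameToken>
    <wsse:Username>alice</wsse:Username>
    <wsse:Password>example-password</wsse:Password>
  </wsse:UsernameToken></wsse:Security></soap:Header>
  <soap:Body><ns:getBalance xmlns:ns="urn:example:bank"/></soap:Body>
</soap:Envelope>"""

def escape_dn_value(value):
    """Escape RFC 4514 special characters so a username cannot reshape the DN."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value)
    if value.endswith(" "):
        out = out[:-1] + "\\ "
    if out.startswith(("#", " ")):
        out = "\\" + out
    return out

def aaa_inputs(xml_text):
    """Return (bind_dn, password, resource) for one SOAP request."""
    root = ET.fromstring(xml_text)
    # Steps 7-8: identity comes from the WS-Security UsernameToken in the header.
    token = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken")
    if token is None:
        raise ValueError("no WS-Security UsernameToken in SOAP header")
    user = token.findtext(f"{{{WSSE}}}Username", default="").strip()
    password = token.findtext(f"{{{WSSE}}}Password", default="")
    # An empty password must be refused: many LDAP servers treat a simple bind
    # with a DN and no password as an unauthenticated bind that succeeds.
    if not user or not password:
        raise ValueError("UsernameToken lacks a username or password")
    # Steps 14-15: resource is the local name of the first SOAP body child.
    body = root.find(f"{{{SOAP}}}Body")
    if body is None or len(body) == 0:
        raise ValueError("SOAP body has no request element")
    resource = body[0].tag.rsplit("}", 1)[-1]
    # Steps 9-13: DN used for the LDAP bind (assumed prefix + user + suffix).
    bind_dn = f"{LDAP_PREFIX}{escape_dn_value(user)},{LDAP_SUFFIX}"
    return bind_dn, password, resource

if __name__ == "__main__":
    print(aaa_inputs(SAMPLE))
```

Because step 16 allows any authenticated client, the extracted resource has no effect on the decision in this lab; it only matters once a stricter authorization method is selected.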
Lab 4 - Access Control Framework Page 71