Description
Course agenda
Course introduction
Duration: 30 minutes
Unit 1. Introduction to DataPower SOA Appliances
Duration: 1 hour
Learning objectives: After completing this unit, students should be able to:
• Describe and define the role of an SOA appliance
• Identify the products in the WebSphere DataPower SOA Appliance product
line
• Describe how to use WebSphere DataPower SOA Appliances in an
enterprise architecture
Unit 2. DataPower administration overview
Duration: 1 hour
Learning objectives: After completing this unit, students should be able to:
• List the methods that can be used to administer WebSphere DataPower
SOA Appliances
• Manage user accounts and domains on the appliance
• Work with files on the WebSphere DataPower SOA Appliance
Exercise 1. Exercises setup
Duration: 45 minutes
Learning objectives: After completing this exercise, students should be able
to:
• Import the files used in the exercises
• Install open source software such as cURL and OpenSSL
• Populate the table containing all of the port numbers
Unit 3. Introduction to XSL transformations
Duration: 1 hour
Learning objectives: After completing this unit, students should be able to:
• Describe the Extensible Stylesheet Language (XSL) model
• Construct XPath expressions
• Create XSL stylesheets to apply XSL transformations
• Use and apply XSL templates in XSLT
• Describe the use of DataPower variables and extensions in XSL
stylesheets
Exercise 2. Creating XSL transformations
Duration: 45 minutes
Learning objectives: After completing this exercise, students should be able
to:
• Create an XSL stylesheet
• Create an XML firewall service
• Transform an XML file using the compiled XSL stylesheet
• Describe the use of DataPower variables and extensions in XSL
stylesheets
Unit 4. DataPower services overview
Duration: 1 hour
Learning objectives: After completing this unit, students should be able to:
• List the supported services on the WebSphere DataPower SOA Appliance
• Compare and contrast the features supported by each WebSphere
DataPower service
Exercise 3. Creating a simple XML firewall
Duration: 45 minutes
Learning objectives: After completing this exercise, students should be able
to:
• Create an XML firewall
• Create a document processing policy with message schema validation and
transformation
• Test the message flow using the command line tool cURL
Unit 5. XML firewall service
Duration: 1 hour 15 minutes
Learning objectives: After completing this unit, students should be able to:
• List the features and functions of an XML firewall service
• Configure an XML firewall service on a WebSphere DataPower SOA
Appliance
Unit 6. Problem determination tools
Duration: 45 minutes
Learning objectives: After completing this unit, students should be able to:
• Capture information using system logs from messages passing through
the WebSphere DataPower SOA Appliance
• Configure a multistep probe to examine detailed information about
actions within rules
• List the problem determination tools available on the WebSphere
DataPower SOA Appliance
Exercise 4. Creating an advanced XML firewall
Duration: 2 hours
Learning objectives: After completing this exercise, students should be able
to:
• Create an XML firewall from a WSDL definition
• Configure a document processing policy with additional actions
• Configure content-based routing using a Route action
• Test the XML firewall policy using the command line tool cURL
• Perform basic debugging using the system log and multistep probe
Unit 7. Handling errors in a service policy
Duration: 10 minutes
Learning objectives: After completing this unit, students should be able to:
• Configure an On Error action in a service policy
• Configure an Error rule in a service policy
• Describe how On Error actions and Error rules are selected during
error handling
Exercise 5. Adding error handling to a service policy
Duration: 20 minutes
Learning objectives: After completing this exercise, students should be able
to:
• Configure a service policy with an On Error action
• Configure a service policy with an Error rule
Unit 8. DataPower cryptographic tools
Duration: 45 minutes
Learning objectives: After completing this unit, students should be able to:
• Generate cryptographic keys using the WebSphere DataPower tools
• Create a crypto identification credential object containing a matching
public and private key
• Create a crypto validation credential to validate certificates
• Set up certificate monitoring to ensure that certificates are up to
date
Exercise 6. Creating cryptographic objects
Duration: 30 minutes
Learning objectives: After completing this exercise, students should be able
to:
• Generate cryptographic keys using the WebSphere DataPower crypto
tools
• Upload key files to the WebSphere DataPower SOA Appliance
• Create a crypto identification credential using a crypto key object
• Validate certificates using a validation credential object
Unit 9. Securing connections using SSL
Duration: 45 minutes
Learning objectives: After completing this unit, students should be able to:
• Configure the WebSphere DataPower SOA Appliance to communicate using
SSL
• Associate an SSL proxy profile with keys and certificates
• Configure a user agent to initiate requests
Exercise 7. Securing connections using SSL
Duration: 1 hour
Learning objectives: After completing this exercise, students should be able
to:
• Create an SSL proxy profile to accept SSL connections from a client to
the WebSphere DataPower SOA Appliance
• Create an SSL proxy profile to initiate an SSL connection from the
WebSphere DataPower SOA Appliance to a back-end service
• Create a Hypertext Transfer Protocol (HTTP) service to handle HTTP
requests
Unit 10. XML threat protection
Duration: 45 minutes
Learning objectives: After completing this unit, students should be able to:
• Explain possible attack scenarios involved in XML-based applications
• Describe the various types of XML attacks
• Use the WebSphere DataPower SOA Appliance to protect against XML
attacks
Exercise 8. Protecting against XML threats
Duration: 30 minutes
Learning objectives: After completing this exercise, students should be able
to:
• Run a recursive entity attack simulation
• Perform a recursive entity threat protection test
• Enable excessive attribute count threat protection
• Enable SQL injection attack prevention
Unit 11. Web service proxy service
Duration: 1 hour
Learning objectives: After completing this unit, students should be able to:
• Describe the Web service proxy architecture
• List and explain the configuration steps needed to create a Web
service proxy
• Create and configure a Web service proxy policy at various levels of
the Web Services Description Language (WSDL) file
Exercise 9. Configuring a Web service proxy
Duration: 1 hour
Learning objectives: After completing this exercise, students should be able
to:
• Configure a WS-Proxy to virtualize an existing set of Web services
• Create a policy within the WS-Proxy
Unit 12. XML and Web services security overview
Duration: 45 minutes
Learning objectives: After completing this unit, students should be able to:
• Describe the features of the WS-Security specification
• Enable message confidentiality using XML Encryption
• Provide message integrity using XML Signature
Exercise 10. Web service encryption and digital signatures
Duration: 1 hour
Learning objectives: After completing this exercise, students should be able
to:
• Create an XML firewall to generate a message with XML encryption
• Create an XML firewall to generate a message with an XML digital
signature
• Perform field-level encryption and decryption on XML messages
• Create a rule to decrypt messages and verify digital signatures
contained in a message within a Web service proxy policy
Unit 13. Authentication, authorization, and auditing (AAA)
Duration: 1 hour
Learning objectives: After completing this unit, students should be able to:
• Describe the authentication, authorization, and auditing framework
within the WebSphere DataPower SOA Appliance
• Explain the purpose of each step in an access control policy
• Authenticate and authorize Web service requests with:
• WS-Security Username and binary security tokens
• HTTP Authorization header claims
• Security Assertion Markup Language (SAML) assertions
Exercise 11. Web service authentication and authorization
Duration: 1 hour
Learning objectives: After completing this exercise, students should be able
to:
• Configure an action to enforce authentication and authorization
policies
• Configure an action to verify an SAML assertion token for
authentication and authorization purposes
Unit 14. Configuring LDAP using AAA
Duration: 30 minutes
Learning objectives: After completing this unit, students should be able to:
• Describe the fundamentals of configuring the Lightweight Directory
Access Protocol (LDAP) and deploying directory services
• Authenticate and authorize user credentials using LDAP by creating a
AAA policy
Exercise 12. Creating a AAA policy using LDAP
Duration: 45 minutes
Learning objectives: Aft