Platform - Using and Configuring

®
Lab Exercises
Configuring HTTP transformation feature
Course code LIL0270X
IBM Training
December 2017 edition
NOTICES
This information was developed for products and services offered in the USA.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM
representative for information on the products and services currently available in your area. Any reference to an IBM product, program,
or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent
product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's
responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this
document does not grant you any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
United States of America
The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local
law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF
ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of
express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein;
these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s)
and/or the program(s) described in this publication at any time without notice.
Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an
endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those
websites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other
publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other
claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those
products.
This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible,
the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to
the names and addresses used by an actual business enterprise is entirely coincidental.
TRADEMARKS
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many
jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM
trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems
Incorporated in the United States, and/or other countries.
Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used
under license therefrom.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and
Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
IT Infrastructure Library is a Registered Trade Mark of AXELOS Limited.
ITIL is a Registered Trade Mark of AXELOS Limited.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. and Quantum in the U.S. and
other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries,
or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.
© Copyright International Business Machines Corporation 2017.

This document may not be reproduced in whole or in part without the prior written permission of IBM.
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents
Lab environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Lab startup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Exercise 1 Configuring a standard junction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Exercise 2 Modifying a request URI using HTTP Transformation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Exercise 3 Adding a response header by using HTTP Transformation . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Exercise 4 Adding a cookie by using HTTP Transformation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
© Copyright IBM Corp. 2017 iii

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
Lab environment
The following two virtual machines are used to perform the exercises in this lab:
1. Access Manager Appliance VM
This primary VM hosts the IBM Access Manager (IAM) V9.0.3 appliance.
2. Windows VM
This Windows 2008 server VM hosts the resources required to demonstrate various Access
Manager scenarios. The users log on to this system to perform the lab exercises.
The major deployment components of the lab are summarized in the following diagram.
Use the information in the following tables to log on to the lab systems.
System details IP Address Host name

Appliance VM 192.168.42.191 iam.ibmemm.edu
Management interface
Windows VM 192.168.42.192 winagent.ibmemm.edu
Appliance VM 192.168.42.193 www.ibmemm.edu
Application interface
© Copyright IBM Corp. 2017 1

V7.0
Lab environment
Lab startup
Uempty
Application/Server User Password
IAM Appliance login admin P@ssw0rd
Windows VM login IBMEMM\Administrator P@ssw0rd
Appliance dashboard admin P@ssw0rd
https://iam.ibmemm.edu
Lab startup
If the systems are not already powered on and available, complete these steps to start the systems:
1. Power on the iam and winagent VMs using the Play button as shown below.
Note: The startup order is not important.
2. Log in to the winagent VM as IBMEMM\Administrator and password P@ssw0rd.
3. Optionally, log in to the iam VM as admin and password P@ssw0rd.
Note: You do not need to log in to the iam VM as you are performing all exercises using the
winagent VM.

V7.0
Exercises
Exercise 1 Configuring a standard junction
Uempty
Exercises
You can modify HTTP requests and responses as they pass through the reverse proxy (WebSEAL)
with HTTP transformation rules. WebSEAL allows the following request and response
transformations.
• Adding, modifying or deleting an HTTP header
• Adding, modifying or deleting a cookie
• Modifying URI, authorization object name or method (request only)
• Modifying HTTP version, status code or a body
The HTTP requests and responses received by the reverse proxy are expressed as XML objects.
The reverse proxy uses Extensible Style-sheet Language (XSL) transformation (XSLT) rules to
transform the XML objects.
In this lab, you configure HTTP transformation rules to modify HTTP requests and responses
passing through the reverse proxy junctions.
Important: To save time, the Access Manager appliance is already populated with users that are
used in the lab. The reverse proxy instance rp1 is also configured.

In this exercise, you create a standard TCP junction for the IBM HTTP Server running on
winagent.ibmemm.edu. From the next exercise onwards, you use the resources accessible over
this junction to demonstrate the HTTP transformation feature.
Note: Verify that the iam and winagent systems are started before running the lab exercises.
1. Log on to the winagent system as IBMEMM\Administrator using password P@ssw0rd
2. Start Internet Explorer (IE) ( ) and select the AM LMI bookmark. This bookmark opens the
Access Manager appliance web interface at the https://iam.ibmemm.edu URL.
The appliance web console is also known as Local Management Interface (LMI).
3. Log in as user admin with password P@ssw0rd.

The Appliance Dashboard is displayed.

V7.0
Exercises
Uempty
4. Select Secure Web Settings from the top menu bar and navigate to Manage > Reverse
Proxy.
5. Select the rp1 instance.
The reverse proxy instance rp1 is already created in this lab.
6. Then, go to Manage > Junction Management.
The Junction Management window appears.
7. Click New and select Standard Junction.
The Create a Standard Junction window appears.
8. For Junction Point Name, type /ihs.

The standard junction name must start with a forward slash (/) character.

V7.0
Exercises
Uempty
9. For Junction Type, TCP is selected by default. Keep the default selection.
10. Next, go to the Servers tab and then click New.
11. In the Add TCP or SSL Servers window, type winagent.ibmemm.edu for Hostname, type 80 for
TCP or SSL Port. Then, click Save.
The new server appears in the Servers tab as shown in the following figure.
12. To save the junction, click Save while you are still on the Servers tab.
13. Then, click Close to close the Junction Management window.
14. Keep the LMI console open in Internet Explorer ( ) for later use.

V7.0
Exercises
Exercise 2 Modifying a request URI using HTTP Transformation
Uempty
Verifying access to the standard junction
Now, you access the target HTTP server using the ihs junction you just created.
15. Open Firefox ( ) and select the Reverse Proxy > IHS Home bookmark. This bookmark
opens the https://www.ibmemm.edu/ihs URL.
16. Log in using Username chuck with P@ssw0rd as Password. The IBM HTTP Server home page
appears indicating the junction is configured successfully.
17. Select the Reverse Proxy > Log Out bookmark to log out of the reverse proxy.
Exercise 2 Modifying a request URI using

HTTP Transformation
In this exercise, you configure an HTTP transformation rule to modify a request URI. You replace
an incorrect incoming URI badindex.htm using a correct name index.html.
Task 1 Creating a POP with HTTPTransformation attribute

First, you create a Protected Object Policy (POP) and add an extended attribute with name
HTTPTransformation. You attach this POP to a web resource that needs to go through the
transformation.
1. Switch to Internet Explorer ( ), where you have the appliance LMI console already open.
2. Navigate to Secure Web Settings > Manage > Policy Administration.

The Security Access Manager Sign On page is displayed in the right pane.
3. On the Sign On page,

a. Leave Secure Domain blank.
b. Provide sec_master as User Id and P@ssw0rd as Password

V7.0
Exercises
Uempty
c. Then, click Sign On to log on to the Default domain.
4. From the Task List in the left pane, expand POP, then select Create POP.
5. On the Create POP page, type httptrans_uri as a POP name and select Create.
The success message appears.
6. Click the httptrans_uri link to display the POP details.

The POP Properties page appears in the right pane.
7. Next, go to the Attach tab and click Attach.
8. For Protected Object Path, type /WebSEAL/iam.ibmemm.edu-rp1/ihs and click Attach.

V7.0
Exercises
Uempty
Confirm that the specified path now appears in the Attach tab.
9. In the Extended Attributes tab, create an attribute using the following information.
a. Attribute Name: HTTPTransformation
b. Attribute Value: Request=uripop
Hint: The POP is updated successfully at this time. After adding extended attributes or attaching
resources to the POP, you do not need to click Apply again to save the changes.
Task 2 Creating an HTTP Transformation rule file

Next, you create an HTTP transformation style sheet and add a custom RequestURI transformation
rule.

V7.0
Exercises
Uempty
10. In the LMI console, navigate to Secure Web Settings > Global Settings > HTTP
Transformation.
11. Click New.

The Create window opens.
12. Type req_uri_trans_rule as name and select Request as a template. Then, click OK.
The req_uri_trans_rule appears in the HTTP Transformation page.
13. The HTTP Transformation page now shows a yellow banner with the link Click here to review
the changes or apply them to the system.
Do not click the link yet.
14. Select req_uri_trans_rule and click Edit.

V7.0
Exercises
Uempty
The File editor opens.
15. Use CTRL+F to search for the text RequestLine/URI in the file.
16. Then, insert the following XSLT code in the xsl:template element that matches the
//HTTPRequest/RequestLine/URI text.
<xsl:choose>
<xsl:when test="node() = '/ihs/badindex.htm'">
<URI>/ihs/index.html</URI>
</xsl:when>
</xsl:choose>
Note: If you want to copy-paste, the text for the URI transformation is present in the file
uri_transform.txt located in C:\studentfiles\textfiles.
The updated text in the file looks like the following figure.
17. Click OK to save the changes.
18. To deploy the changes, select the link in the yellow banner as shown in the following figure.
19. Click Deploy to confirm and submit the changes.
Task 3 Updating the Reverse Proxy configuration

Now, you update the reverse proxy instance configuration file to map a request resource defined in
the httptrans_uri POP to the HTTP transformation rule req_uri_trans_rule.

V7.0
Exercises
Uempty
The /ihs junction attached to the POP acts as a resource for the transformation rule.
20. In the LMI console, navigate to Secure Web Settings > Manage > Reverse Proxy.
22. Then, go to Manage > Configuration > Edit Configuration File.

The configuration file opens in the Advanced Configuration File Editor window.
23. Use CTRL+F in the File Editor window to search for string req_uri_trans_rule.
24. Add the entry = value pair uripop = req_uri_trans_rule.

The configuration file changes look like the following figure.
25. Save and close the file editor.
26. Deploy the changes by clicking the link in the yellow banner.
27. Notice the warning prompting you to restart the reverse proxy. Close the warning by clicking X
in the right corner.
28. To restart the reverse proxy, select the rp1 instance and click Restart.
Task 4 Verifying the Request URI transformation rule

29. In Firefox ( ), type the URL:
https://www.ibmemm.edu/ihs/badindex.htm

V7.0
Exercises
Exercise 3 Adding a response header by using HTTP Transformation
Uempty
30. Log on using chuck and P@ssw0rd.
The IBM HTTP Server home page appears despite the bad URL, indicating URI transformation
is successful.
Hint: The URL returns a Page not found error if you log on using the sec_master credential. The
sec_master user is an administrative user that by default bypasses all POPs including the
httptrans_uri POP you created earlier.
31. Select the Reverse Proxy > Log Out bookmark to log out of the reverse proxy.
Exercise 3 Adding a response header by using

HTTP Transformation
In this exercise, you configure a transformation rule to add an HTTP header to the response sent to
the client.

First, you create a Protected Object Policy (POP) and add an extended attribute with name
HTTPTransformation. You attach this POP to a web resource that needs to go through the
transformation.
1. In Internet Explorer ( ), log on to the LMI console, if not already logged on.
2. Then, log on to the Policy Administration.
3. Create a POP named httptrans_header.
4. Open the POP Properties for the httptrans_header POP you just created.
5. In the Attach tab, attach the resource /WebSEAL/iam.ibmemm.edu-rp1/ihs/cgi-bin to the

POP.

V7.0
Exercises
Uempty
6. In the Extended Attribute tab, create an attribute using the following information.
b. Attribute Value: Response=headerpop

Next, you create an HTTP Transformation style sheet and add a custom Response Header
transformation rule.
Transformation.
8. Click New.
9. Type res_header_trans_rule as a name and select Response as a template. Then, click OK.
The res_header_trans_rule appears in the HTTP Transformation page.
10. Select res_header_trans_rule and click Edit.


V7.0
Exercises
Uempty
11. Use CTRL+F to search for the text HTTPResponse/Headers in the file.
//HTTPResponse/Headers text.
<xsl:choose>
<xsl:when test="contains(@name,'HEADER_A')"/>
<xsl:otherwise>
<Header action="add" name="HEADER_A">My Header A</Header>
</xsl:otherwise>
</xsl:choose>
header_transform.txt located in C:\studentfiles\textfiles.
The updated text looks like the following figure.
14. Deploy the changes.

Now, you update the instance configuration file to map a response resource defined in the
httptrans_header POP to the HTTP transformation rule res_header_trans_rule.
The IHS/cgi-bin junction application attached to the POP acts as a resource for the transformation
rule.

18. Use CTRL+F in the File Editor window to search for string res_header_trans_rule.
19. Add the entry = value pair headerpop = res_header_trans_rule.

V7.0
Exercises
Uempty
22. Restart the rp1 instance.
Task 4 Verifying the Response Header transformation rule

This time, confirm the addition of a new header using the curl utility.
23. Open a Cygwin terminal by clicking the icon ( ) in the Windows taskbar.
24. Type and run the following command:

curl -I https://www.ibmemm.edu/ihs/cgi-bin -k
25. Confirm the output shows the header_a as shown in the following figure.
26. Close the Cygwin terminal.

V7.0
Exercises
Exercise 4 Adding a cookie by using HTTP Transformation
Uempty
Exercise 4 Adding a cookie by using HTTP
Transformation
In this exercise, you configure a transformation rule to add an HTTP cookie to the response sent to
the client.

1. In Internet Explorer ( ), log on to the LMI console, if not already logged on.
2. Then, log on to the Policy Administration.
3. Create a POP named httptrans_cookie.
4. In the Attach tab, attach the resource /WebSEAL/iam.ibmemm.edu-rp1/ihs/cgi-bin to the

POP.
5. In the Extended Attribute tab, create an attribute using the following information.
b. Attribute Value: Response=cookiepop

Next, you create an HTTP Transformation style-sheet and add a custom Response Cookie
transformation rule.
Transformation.
7. Click New.

V7.0
Exercises
Uempty
8. Type res_cookie_trans_rule as name and select Response as a template. Then, click OK.
The res_cookie_trans_rule appears in the HTTP Transformation page.
9. Select res_cookie_trans_rule and click Edit.

10. Use CTRL+F to search for the text HTTPResponse/Cookies in the file.
//HTTPResponse/Cookies text.
<xsl:choose>
<xsl:when test="Cookie/@name='COOKIE_A'"/>
<xsl:otherwise>
<Cookie action="add" name="COOKIE_A">
<Content>MY COOKIE A</Content>
<Path>/</Path>
<Secure>1</Secure>
<HTTPOnly>0</HTTPOnly>
</Cookie>
</xsl:otherwise>
</xsl:choose>
cookie_transform.txt located in C:\studentfiles\textfiles.

V7.0
Exercises
Uempty
The updated text looks like the following figure.

Now, you update the instance configuration file to map a response resource defined in the
httptrans_cookie POP to the HTTP transformation rule res_cookie_trans_rule.
The IHS/cgi-bin junction application attached to the POP acts as a resource for the transformation
rule.

17. Use CTRL+F in the File Editor window to search for string res_cookie_trans_rule.
18. Add the entry = value pair cookiepop = res_cookie_trans_rule.


V7.0
Exercises
Uempty
21. Restart the rp1 instance.
Task 4 Verifying the Response Cookie transformation rule

This time, you confirm addition of a new cookie using the curl utility.
22. Open the Cygwin terminal ( ).
23. Type and run the following command:

curl -I https://www.ibmemm.edu/ihs/cgi-bin -k
24. Confirm the output shows the cookie_a cookie as shown in the following figure.
25. Close the Cygwin terminal.

V7.0
Uempty
IBM Training
© Copyright IBM Corporation 201. All Rights Reserved.

Platform - Using and Configuring

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Platform - Using and Configuring

Uploaded by

Copyright:

Available Formats

®

© Copyright International Business Machines Corporation 2017.

© Copyright IBM Corp. 2017 iii

System details IP Address Host name

© Copyright IBM Corp. 2017 1

Note: The startup order is not important.

2. Log in to the winagent VM as IBMEMM\Administrator and password P@ssw0rd.

3. Optionally, log in to the iam VM as admin and password P@ssw0rd.

© Copyright IBM Corp. 2017 2

Exercise 1 Configuring a standard junction

1. Log on to the winagent system as IBMEMM\Administrator using password P@ssw0rd

3. Log in as user admin with password P@ssw0rd.

© Copyright IBM Corp. 2017 3

5. Select the rp1 instance.

The reverse proxy instance rp1 is already created in this lab.

6. Then, go to Manage > Junction Management.

The Junction Management window appears.

7. Click New and select Standard Junction.

The Create a Standard Junction window appears.

8. For Junction Point Name, type /ihs.

© Copyright IBM Corp. 2017 4

10. Next, go to the Servers tab and then click New.

13. Then, click Close to close the Junction Management window.

© Copyright IBM Corp. 2017 5

Exercise 2 Modifying a request URI using

Task 1 Creating a POP with HTTPTransformation attribute

2. Navigate to Secure Web Settings > Manage > Policy Administration.

3. On the Sign On page,

b. Provide sec_master as User Id and P@ssw0rd as Password

© Copyright IBM Corp. 2017 6

6. Click the httptrans_uri link to display the POP details.

7. Next, go to the Attach tab and click Attach.

8. For Protected Object Path, type /WebSEAL/iam.ibmemm.edu-rp1/ihs and click Attach.

© Copyright IBM Corp. 2017 7

b. Attribute Value: Request=uripop

Task 2 Creating an HTTP Transformation rule file

© Copyright IBM Corp. 2017 8

11. Click New.

The req_uri_trans_rule appears in the HTTP Transformation page.

14. Select req_uri_trans_rule and click Edit.

© Copyright IBM Corp. 2017 9

17. Click OK to save the changes.

19. Click Deploy to confirm and submit the changes.

Task 3 Updating the Reverse Proxy configuration

© Copyright IBM Corp. 2017 10

21. Select the rp1 instance.

22. Then, go to Manage > Configuration > Edit Configuration File.

24. Add the entry = value pair uripop = req_uri_trans_rule.

25. Save and close the file editor.

Task 4 Verifying the Request URI transformation rule

© Copyright IBM Corp. 2017 11

Exercise 3 Adding a response header by using

Task 1 Creating a POP with HTTPTransformation attribute

2. Then, log on to the Policy Administration.

3. Create a POP named httptrans_header.

5. In the Attach tab, attach the resource /WebSEAL/iam.ibmemm.edu-rp1/ihs/cgi-bin to the

© Copyright IBM Corp. 2017 12

b. Attribute Value: Response=headerpop

Task 2 Creating an HTTP Transformation rule file

The res_header_trans_rule appears in the HTTP Transformation page.

10. Select res_header_trans_rule and click Edit.

© Copyright IBM Corp. 2017 13

The updated text looks like the following figure.

© Copyright IBM Corporation 201. All Rights Reserved.