PingAccess

Configuring engine nodes

Configure an engine node as part of a cluster in PingAccess.

Before you begin

Make sure that you’ve configured an administrative node and a replica administrative node.

For a comprehensive overview of the steps necessary to set up a clustered environment, see Configuring a PingAccess cluster in the Clustering in PingAccess reference guide.

Steps

  1. Click Settings and then go to Clustering → Engines.

  2. To configure a new engine, click Add Engine.

  3. In the Name field, enter a name for the engine.

    Special characters and spaces are allowed.

  4. Optional: In the Description field, enter a description of the engine.

  5. If applicable, specify an HTTP Proxy for the engine.

    For more information about creating proxies, see Adding proxies.

    1. To create an HTTP proxy, click +Create.

  6. If applicable, specify an HTTPS Proxy for the engine.

    For more information about creating proxies, see Adding proxies.

    1. To create an HTTPS proxy, click +Create.

  7. Specify an Engine Trusted Certificate if a TLS-terminating network appliance, such as a load balancer, is placed between the engines and administrative node.

    Select the certificate that the network appliance uses. The certificate helps establish a secure HTTP connection with the administrative node.

  8. To generate and download a public and private key pair into the <enginename>_data.zip file for the engine, click Save & Download.

    This file is prepended with the name you give the engine. Depending on your browser configuration, you might be prompted to save the file.

  9. Copy the .zip file to the <PA_HOME> directory of the corresponding engine in the cluster and extract it.

    The engine uses these files to authenticate and communicate with the administrative console.

    You can generate a new key for the engine at any time, just repeat steps 8-9.

    1. Click Save & Download.

    2. Extract the <enginename>_data.zip file within the engine’s <PA_HOME> directory.

    When the engine node starts up and begins using the new configuration files, PingAccess deletes the old key.

  10. On Linux systems running the PingAccess engine, run the chmod 400 conf/pa.jwk command on the pa.jwk file after you’ve extracted the .zip file.

    Result:

    The pa.jwk becomes read only, preventing it from being overwritten accidentally.

  11. Start each engine.

Next steps

If you specified any proxies, enable the Use Proxy option for any sites, token providers, and third party services that require the use of a proxy. For more information, see Adding sites and the Token provider section.