Configuring engine nodes
Configure an engine node as part of a cluster in PingAccess.
Before you begin
Make sure that you’ve configured an administrative node and a replica administrative node.
For a comprehensive overview of the steps necessary to set up a clustered environment, see Configuring a PingAccess cluster in the Clustering in PingAccess reference guide.
Steps
1. Click Settings and then go to Clustering → Engines.
2. To configure a new engine, click Add Engine.
3. In the Name field, enter a name for the engine.
   Special characters and spaces are allowed.
4. Optional: In the Description field, enter a description of the engine.
5. If applicable, specify an HTTP Proxy for the engine.
   For more information about creating proxies, see Adding proxies.
   - To create an HTTP proxy, click +Create.
6. If applicable, specify an HTTPS Proxy for the engine.
   For more information about creating proxies, see Adding proxies.
   - To create an HTTPS proxy, click +Create.
7. Specify an Engine Trusted Certificate if a TLS-terminating network appliance, such as a load balancer, is placed between the engines and administrative node.
   Select the certificate that the network appliance uses. The certificate helps establish a secure HTTP connection with the administrative node.
8. To generate and download a public and private key pair into the <enginename>_data.zip file for the engine, click Save & Download.
   This file is prepended with the name you give the engine. Depending on your browser configuration, you might be prompted to save the file.
9. Copy the .zip file to the <PA_HOME> directory of the corresponding engine in the cluster and extract it.
   The engine uses these files to authenticate and communicate with the administrative console.
   You can generate a new key for the engine at any time; just repeat steps 8-9:
   - Click Save & Download.
   - Extract the <enginename>_data.zip file within the engine’s <PA_HOME> directory.
   When the engine node starts up and begins using the new configuration files, PingAccess deletes the old key.
10. On Linux systems running the PingAccess engine, run the chmod 400 conf/pa.jwk command on the pa.jwk file after you’ve extracted the .zip file.
    Result: The pa.jwk becomes read only, preventing it from being overwritten accidentally.
11. Start each engine.
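The extract and chmod 400 steps above can be checked before the engine is started. The following script is an added example, not PingAccess tooling: the function names are hypothetical, and it assumes it is run as the account that runs the engine, with the engine's <PA_HOME> as its only argument.

```shell
#!/bin/sh
# Added example (not part of PingAccess): lock down conf/pa.jwk after the
# engine .zip has been extracted into PA_HOME, and verify the result.
# Assumption: run as the account that runs the PingAccess engine.

# Print why the key file is not safely locked down; return 0 if it is.
check_engine_key() {
    jwk="$1/conf/pa.jwk"
    if [ -L "$jwk" ]; then
        echo "conf/pa.jwk is a symlink; expected a regular file"; return 1
    fi
    if [ ! -f "$jwk" ]; then
        echo "conf/pa.jwk not found; extract the engine .zip into PA_HOME first"; return 1
    fi
    if [ ! -s "$jwk" ]; then
        echo "conf/pa.jwk is empty"; return 1
    fi
    # -perm 400 without a leading '-' matches the mode exactly:
    # owner read-only, no access for group or others.
    if [ -z "$(find "$jwk" -prune -perm 400)" ]; then
        echo "conf/pa.jwk mode is not 400"; return 1
    fi
    # With mode 400 only the owner can read the key, so the owner must be
    # the account that runs the engine (assumed to be the current user).
    if [ -z "$(find "$jwk" -prune -user "$(id -u)")" ]; then
        echo "conf/pa.jwk is not owned by the current user"; return 1
    fi
    return 0
}

# Apply the documented chmod from inside PA_HOME, then re-check.
lock_engine_key() {
    jwk="$1/conf/pa.jwk"
    # Never chmod through a symlink or onto a missing file.
    if [ -L "$jwk" ] || [ ! -f "$jwk" ]; then
        check_engine_key "$1" || return 1   # prints the reason
    fi
    ( cd "$1" && chmod 400 conf/pa.jwk ) || return 1
    check_engine_key "$1"
}

# Stand-alone use: sh lock_engine_key.sh <PA_HOME>
if [ "$#" -eq 1 ]; then
    lock_engine_key "$1" && echo "conf/pa.jwk locked (mode 400)"
fi
```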
Next steps
If you specified any proxies, enable the Use Proxy option for any sites, token providers, and third party services that require the use of a proxy. For more information, see Adding sites and the Token provider section.