PingAccess

Configuring engine nodes using an auto-registration file

Download a JSON Web Token (JWT) to enable a new engine node to automatically register itself at startup in PingAccess.

Before you begin

Make sure that you’ve configured an administrative node and a replica administrative node.

For a comprehensive overview of the steps necessary to set up a clustered environment, see Configuring a PingAccess cluster in the Clustering in PingAccess reference guide.

Steps

  1. Click Settings and then go to Clustering → Engine Registration.

  2. If applicable, specify an HTTP Proxy for the engine.

    To create an HTTP proxy, click +Create.

    For more information about creating proxies, see Adding proxies.

  3. If applicable, specify an HTTPS Proxy for the engine.

    To create an HTTPS proxy, click +Create.

    For more information about creating proxies, see Adding proxies.

  4. Specify an Engine Trusted Certificate if a TLS-terminating network appliance, such as a load balancer, is placed between the engines and administrative node.

    Select the certificate that the network appliance uses. The certificate helps establish a secure HTTP connection with the administrative node.

  5. In the Token Duration field, enter the number of seconds for which the generated JWT is valid.

  6. Click Download.

  7. Add the JWT file to the engine node:

    Choose from:

    • If the engine node is not a container, copy the JWT file to the PA_Home/conf directory.

    • If the engine node is a container, inject the JWT as an environment variable named REGISTRATION_TOKEN.

  8. Optional: Modify the name of the engine node:

    Choose from:

    • If the engine node is not a container, open the PA_Home/conf/engine-registration.properties file and update the engine.admin.api.engineName value.

    • If the engine node is a container, inject the engine node name as an environment variable named ENGINE_NAME.

  9. Start the engine node.

Next steps

If you specified any proxies, enable the Use Proxy option for any sites, token providers, and third-party services that require the use of a proxy. For more information, see Adding sites and the Token provider section.