Configuring incompatible PingAccess agents to test bearer token authentication
About this task
Complete this procedure to configure the PingAccess agent for Apache (Windows) to test bearer token authentication.
Steps
-
In the PingAccess admin console, go to Applications > Agents and open the agent configuration that you want to update.
-
To prompt PingAccess to add the private key into the
agent.propertiesfile, select the Require Token Authentication checkbox.If you clear this checkbox later, you don’t need to generate a new
agent.propertiesfile to update the shared secret. The PingAccess agent will continue to use both the shared secret and the private key from the activeagent.propertiesfile if you haven’t removed them from the file. -
Download a new
agent.propertiesfile for the agent as shown in Adding agents.In PingAccess 8.2 and later, the PingAccess server generates a public key and private key in addition to the shared secret. You can find the public key on this page, identified with a timestamp. The updated
agent.propertiesfile contains the expected private key.To rotate keys, generate a new
agent.propertiesfile, then remove the old file and public key. -
Clear the Require Token Authentication checkbox.
After downloading the new
agent.propertiesfile, leave the Require Token Authentication checkbox cleared until agent compatibility is added and this agent has been updated to the supported version. -
(Optional) To confirm that shared secret authentication still works as expected, configure the agent with the updated
agent.propertiesfile.After the agents have been updated to support bearer token authentication, make sure to download the latest version of the agents and configure them with the updated
agent.propertiesfiles.Following that, you can select the Require Token Authentication checkbox to require the configured PingAccess agent to use bearer token authentication in addition to the shared secret when making requests to the PingAccess engine nodes.
-
Repeat steps 1 - 5 for all configured agents.