Installing the server manually
Choose your manual install mode for PingAuthorize Server and then perform the server installation.
Steps
-
Read about the server installation modes and decide which mode you want to use.
-
Complete the steps for your chosen mode, interactive or noninteractive.
About the server installation modes
There are several different installation modes for PingAuthorize Server.
PingAuthorize Server provides the following tools to help install and configure the system:
-
The
setup
tool performs the initial tasks needed to start PingAuthorize Server, including configuring Java virtual machine (JVM) runtime settings and assigning listener ports for the PingAuthorize Server’s HTTP services. -
The
create-initial-config
tool configures connectivity between a System for Cross-domain Identity Management (SCIM) 2 user store and PingAuthorize Server. During the process, theprepare-external-store
tool prepares each PingDirectory Server to serve as a user store by PingAuthorize Server. Configuration can be written to a file to use for additional installations.Using
create-initial-config
is optional. However, if you do not use it, you do not get the user’s profile (the requester’s attributes). For more information, see User profile availability in policies. -
After the initial setup is finished, you can use the
dsconfig
tool and the administrative console to perform additional configuration.You can use server profiles to automate deployment of PingAuthorize Server. For more information, see Deployment automation and server profiles.
To install a server instance, run the setup
tool in one of the following modes:
- Interactive command-line mode
-
Prompts for information during the installation process. To run the installation in this mode, use the
setup --cli
command. - Noninteractive command-line mode
-
Designed for setup scripts to automate installations or for command-line usage. To run the installation in this mode, setup must be run with the
--no-prompt
option as well as the other arguments required to define the appropriate initial configuration.
You can perform all installation and configuration steps while signed on to the system as the user or the role under which PingAuthorize Server will run.
-
Interactive
-
Noninteractive
Installing the server interactively
Run the setup
tool, which prompts you interactively for the information that it needs to install PingAuthorize Server.
Before you begin
Be prepared to provide the following information:
-
The location of a valid license file
-
The name and password for an administrative account, which is also called the root user distinguished name (DN)
-
An available port for PingAuthorize Server to accept HTTPS requests
-
An available LDAPS port for PingAuthorize Server to accept administrative requests
-
Information related to the server’s connection security, including the location of a keystore that contains the server certificate, the nickname of that server certificate, and the location of a truststore
-
The amount of memory to reserve for usage by the Java virtual machine (JVM)
-
A unique instance name for the server
Steps
-
Run the
setup
command.Example:
$ ./setup
-
To start and stop PingAuthorize Server, use the
start-server
andstop-server
commands, respectively.For additional options, see Starting PingAuthorize Server.
Installing the server noninteractively
For an automated installation, run the setup
tool in noninteractive, command-line mode.
Before you begin
Be prepared to provide the following settings using command-line arguments:
-
The location of a valid license file
-
The name and password for an administrative account, which is also called the root user distinguished name (DN).
-
An available port for PingAuthorize Server to accept HTTPS requests
-
An available LDAPS port for PingAuthorize Server to accept administrative requests
-
Information related to the server’s connection security, including the location of a keystore that contains the server certificate, the nickname of that server certificate, and the location of a truststore
-
The amount of memory to reserve for usage by the Java virtual machine (JVM)
-
A unique instance name for the server
Steps
-
Run the
setup
tool to install the server noninteractively. -
For more information about the available setup options, run
setup
with the--help
argument, which displays a complete list of setup options, along with examples.$ ./setup --help
Example
The following example sets up PingAuthorize with these settings:
-
LDAP port 8389
-
LDAPS port 8636
-
HTTPS port 8443
-
An automatically generated self-signed server certificate
-
1 GB of memory reserved for the server’s JVM
-
A unique server instance name of
pingauthorize1
-
A server location of
Austin
$ ./setup \
--cli --no-prompt --acceptLicense \
--licenseKeyFile <path-to-license> \
--rootUserDN "cn=directory manager" \
--rootUserPassword <your-password> \
--ldapPort 8389 --ldapsPort 8636 \
--httpsPort 8443 \
--generateSelfSignedCertificate \
--maxHeapSize 1g \
--instanceName pingauthorize1 \
--location Austin