PingAuthorize

Configuring Trust Framework attribute caching for development

While building and testing policies in a development environment, you can define an external attribute cache for the Trust Framework.

About this task

When you set the Policy Decision Service to external policy decision point (PDP) mode, the Policy Editor is configured by default to cache attribute values in memory on the PingAuthorize Server (for any attributes with a defined caching strategy). Alternatively, you can define an external attribute cache using Redis by configuring the options.yml file. The available Redis modes include:

  • Single Redis instance

  • Single Redis instance using TLS

  • Replicated Redis

  • Redis Sentinel

  • Amazon Web Services (AWS) ElastiCache Redis

    Screen capture of the Redis mode options for embedded PDP mode with the single Redis instance configuration highlighted

Steps

  1. Make a copy of the default options file:

    Example:

    $ cp config/options.yml my-options.yml

  2. In the cache section of the new options file, uncomment the line provider: redis to enable the Redis caching options.

  3. Uncomment the desired Redis cacheConfig block and modify it to reflect your Redis instance settings.

    Example:

    cache:
      provider: redis
      cacheConfig:
        mode: single_instance
        nodeAddresses: redis://localhost:6379
    #   username: <optional>
    #   password: <optional>

    1. Optional: Uncomment username and password and add the appropriate values.

  4. Stop the Policy Editor:

    Example:

    $ bin/stop-server

  5. Run setup using the --optionsFile argument and customize all other options as appropriate for your needs:

    Example:

    $ bin/setup demo \
      --adminUsername admin \
      --generateSelfSignedCertificate \
      --decisionPointSharedSecret pingauthorize \
      --hostname <pap-hostname> \
      --port <pap-port> \
      --adminPort <admin-port> \
      --licenseKeyFile <path-to-license> \
      --optionsFile my-options.yml

  6. Start the Policy Editor:

    Example:

    $ bin/start-server