PingAuthorize

Configuring PingAuthorize policy administration to use PingOne

About this task

The following configuration enables the Policy Editor to use PingOne for authentication.

Steps

  1. Run the <PingAuthorize-PAP>/bin/stop-server command to stop the Policy Editor.

  2. Using the client ID and environment ID from Configuring PingOne for PingAuthorize policy administration, run the following command to configure the Policy Editor:

    bin/setup oidc \
      --licenseKeyFile <path to PingAuthorize.lic> \
      --generateSelfSignedCertificate \
      --hostname <pap-hostname> --port <pap-port> \
      --adminPort <admin-port> \
      --oidcBaseUrl https://auth.pingone.<regional domain>/<environment id>/as \
      --clientId <client-id>

  3. Run the bin/start-server command to start the Policy Editor.

  4. Verify that you can sign on to the Policy Editor using the application you created in PingOne:

    1. Go to the Policy Editor.

    2. Click "Click to Sign in".

      Result:

      Your browser redirects to the URL you set in Configuring PingOne for PingAuthorize policy administration.

      By default, the signed-on username uses the sub JSON Web Token (JWT) claim for the OpenID Connect (OIDC) user ID. You can find details on using a non-default claim in Changing the default JWT claim for the OIDC user ID.
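
A pre-flight check for the --oidcBaseUrl value from step 2, added here as an example and not taken from the PingAuthorize documentation. It assumes the environment ID is a UUID and that the provider's discovery document was saved from the standard /.well-known/openid-configuration path under the base URL. The function names, environment ID and sample document are constructed for illustration.

```python
import json
import re

# Assumption: PingOne environment IDs are UUIDs.
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Fields required by OpenID Connect Discovery 1.0 that sign-on depends on.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri")


def build_oidc_base_url(regional_domain, environment_id):
    """Assemble the value passed to --oidcBaseUrl in step 2."""
    if not UUID_RE.match(environment_id):
        raise ValueError("environment ID is not a UUID: %r" % environment_id)
    # Reject pasted URLs or paths where only a domain suffix belongs.
    if not re.match(r"^[a-z]+(\.[a-z]+)?$", regional_domain):
        raise ValueError("unexpected regional domain: %r" % regional_domain)
    return "https://auth.pingone.%s/%s/as" % (regional_domain, environment_id)


def check_discovery(base_url, discovery_json):
    """Return a list of problems; an empty list means the document matches."""
    doc = json.loads(discovery_json)
    problems = ["missing field: " + key for key in REQUIRED if key not in doc]
    # The issuer must equal the configured base URL exactly: same region,
    # same environment ID, no trailing slash.
    if doc.get("issuer") != base_url:
        problems.append("issuer mismatch: %r" % doc.get("issuer"))
    for key in ("authorization_endpoint", "jwks_uri"):
        if key in doc and not str(doc[key]).startswith("https://"):
            problems.append("%s is not an https URL" % key)
    return problems


# Constructed sample values, not real PingOne identifiers.
ENV_ID = "11111111-2222-4333-8444-555555555555"
BASE = build_oidc_base_url("com", ENV_ID)
SAMPLE = json.dumps({
    "issuer": BASE,
    "authorization_endpoint": BASE + "/authorize",
    "jwks_uri": BASE + "/jwks",
})

if __name__ == "__main__":
    print(BASE)
    print(check_discovery(BASE, SAMPLE) or "discovery document matches")
```

An issuer mismatch here usually means the wrong regional domain or environment ID was used, which is cheaper to catch before running bin/setup than after a failed sign-on.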