PingAuthorize

Example: Installing and configuring the Policy Editor interactively

This tutorial describes how to install an instance of the PingAuthorize Policy Editor interactively.

About this task

These installation instructions are for tutorial purposes only and produce a limited installation.

Steps

  1. Extract the contents of the compressed PingAuthorize-PAP distribution file.

  2. Change the directory to PingAuthorize-PAP.

  3. To configure the application, run the ./bin/setup script.

  4. Answer the on-screen questions.

    For the following questions, use the recommended answers provided.

    Question: How would you like to configure the Policy Editor?
    Answer: Use Quickstart to set up a demo server with credentials admin/password123 and to use a self-signed certificate for SSL

    Question: On which port should the Policy Editor listen for HTTPS communications?
    Answer: You can use any unused port here, but most of the examples in this guide assume that port 9443 is used for the PingAuthorize Policy Editor.

    Question: Enter the fully qualified host name or IP address that users’ browsers will use to connect to this GUI
    Answer: Unless you are testing on localhost, ensure that the provided API URL uses the public DNS name of the PingAuthorize Policy Editor server. For example, pap.example.com.

  5. Copy and record any generated values needed to configure external servers.

    The Shared Secret is used in PingAuthorize, under External Servers → Policy External Server → Shared Secret.

  6. To start the Policy Editor, or policy administration point (PAP), run bin/start-server.

    The Policy Editor runs in the background, so you can close the terminal window in which it was started without interrupting it.

Result

Your demo configuration should resemble the following example.

[/opt/PingAuthorize-PAP]$ bin/setup

Please enter the location of a valid PingAuthorize with Symphonic license file
[/opt/PingAuthorize-PAP/PingAuthorize.lic]: /opt/PingAuthorize/PingAuthorize.lic

PingAuthorize Policy Editor
============================================

How would you like to configure the Policy Editor?

    1)  Quickstart (DEMO PURPOSES ONLY): This option configures the server with a form
        based authentication and generates a self-signed server certificate
    2)  OpenID Connect: This option configures the server to use an OpenID Connect
        provider such as PingFederate
    3)  Cancel the setup

Enter option [1]: 1

On which port should the Policy Editor listen for application HTTPS communications? [9443]: 9443

Enter the fully qualified host name or IP address that users' browsers will use to
connect to this GUI [centos.localdomain]: pap.example.com

On which port should the Policy Editor listen for administrative HTTPS communications? [9444]: 9444

Would you like to enable periodic policy database backups? (yes / no) [yes]: yes

Enter the backup schedule as a cron expression (defaults to daily at midnight): [0 0 0 * * ?]: 0 0 0 * * ?

Setup Summary
==========================================
Host Name:         pap.example.com
Server Port:       9443
Secure Access:     Self-signed certificate
Admin Port:        9444
Periodic Backups:  Enabled
Backup Schedule:   0 0 0 * * ?

Command-line arguments that would set up this server non-interactively:
    setup demo --hostname pap.example.com --adminPort 9444 --port 9443 --certNickname server-cert \
         --licenseKeyFile /opt/PingAuthorize/PingAuthorize.lic \
         --backupSchedule '0 0 0 * * ?' --pkcs12KeyStorePath config/keystore.p12 \
         --generateSelfSignedCertificate

What would you like to do?

    1)  Set up the server with the parameters above
    2)  Provide the setup parameters again
    3)  Cancel the setup

Enter option [1]:

Setup completed successfully

Please configure the following values
====================================================================================
 PingAuthorize Server - Policy External Server
  Base URL:                                         https://pap.example.com:9443
  Shared Secret:                                    7ed6f52d6e71411ca9e58f9567c7de2e
  Trust Manager Provider:                           Blind Trust

Please start the server by running bin/start-server

In this example, the PingAuthorize Policy Editor is now running and listening on port 9443.

Next steps

To sign on to the interface, go to https://<host>:9443. The default credentials are admin and password123.

Use the default user name and password for demo and testing purposes only, such as this initial walk-through. To configure the PingAuthorize Policy Editor for PingFederate OpenID Connect (OIDC) single sign-on (SSO), see Installing the PingAuthorize Policy Editor non-interactively.
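
A check along the following lines can flag the demo-only settings in a saved bin/setup transcript before the instance is used beyond a walk-through. It is an added example, not part of the PingAuthorize distribution; the function names, finding labels, and the sample transcript (including its Shared Secret value) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a saved bin/setup transcript for demo-only settings.
# SAMPLE_TRANSCRIPT is constructed from the output format shown on this page;
# the Shared Secret value in it is made up.
SAMPLE_TRANSCRIPT='Setup Summary
Host Name:         pap.example.com
Secure Access:     Self-signed certificate
Command-line arguments that would set up this server non-interactively:
    setup demo --hostname pap.example.com --adminPort 9444 --port 9443
Please configure the following values
  Base URL:                                         https://pap.example.com:9443
  Shared Secret:                                    0123456789abcdef0123456789abcdef
  Trust Manager Provider:                           Blind Trust'

# field_value LABEL: print the first value that follows "LABEL:" on stdin,
# with trailing whitespace removed.
field_value() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | sed 's/[[:space:]]*$//' | head -n 1
}

# audit_setup: read a transcript on stdin and print one finding per line.
audit_setup() {
  t=$(cat)
  access=$(printf '%s\n' "$t" | field_value 'Secure Access')
  trust=$(printf '%s\n' "$t" | field_value 'Trust Manager Provider')
  secret=$(printf '%s\n' "$t" | field_value 'Shared Secret')
  if printf '%s\n' "$t" | grep -q '^[[:space:]]*setup demo '; then
    echo "DEMO_MODE: Quickstart form login with the documented default credentials"
  fi
  case "$access" in
    *[Ss]elf-signed*) echo "SELF_SIGNED_CERT: replace with a CA-issued certificate" ;;
  esac
  if [ "$trust" = "Blind Trust" ]; then
    echo "BLIND_TRUST: the Policy Editor certificate is not validated"
  fi
  if [ -n "$secret" ]; then
    echo "SECRET_IN_TRANSCRIPT: redact the Shared Secret before storing this log"
  fi
  return 0
}

# redact_secret: copy stdin to stdout with the Shared Secret value masked.
redact_secret() {
  sed 's/^\([[:space:]]*Shared Secret:[[:space:]]*\).*/\1[REDACTED]/'
}

printf '%s\n' "$SAMPLE_TRANSCRIPT" | audit_setup
printf '%s\n' "$SAMPLE_TRANSCRIPT" | redact_secret | grep 'Shared Secret'
```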