PingAuthorize

Post-setup steps (manual installation)

After you set up the PingAuthorize Policy Editor, you must start the server from the CLI and then change the PingAuthorize Server configuration to use the Policy Editor as its policy decision point (PDP).

To start the Policy Editor, run the following command.

$ bin/start-server

Then, sign on to the Policy Editor and import a policy snapshot. You can find a set of default policies in the resource/policies/defaultPolicies.SNAPSHOT file. For more information, see Signing on to the PingAuthorize Policy Editor.

To configure PingAuthorize Server to use the Policy Editor, use dsconfig or the administrative console to create a Policy External Server to represent the Policy Editor, then assign the Policy External Server to the Policy Decision Service and configure it to use external PDP mode. Also, set the Trust Framework Version to the current version, v2. Consider the following example.

dsconfig create-external-server \
  --server-name "{PAP_Name}" \
  --type policy \
  --set "base-url:https://<pap-hostname>:<pap-port>" \
  --set "shared-secret:pingauthorize" \
  --set "branch:Default Policies"

dsconfig set-policy-decision-service-prop \
  --set pdp-mode:external \
  --set "policy-server:{PAP_Name}" \
  --set trust-framework-version:{TRUST_FRAMEWORK_VERSION}

In the example, the base URL consists of the host name and port chosen for the Policy Editor during setup. Similarly, the shared secret value was chosen during setup. The branch name corresponds to the branch name that you chose when importing your policy snapshot. The decision node is the ID of the root node in your policy tree. If you are using the default policies, then use the ID shown in the example.
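A pre-flight check for the values passed to dsconfig create-external-server above, written as an added example that is not part of the PingAuthorize documentation or tooling. The function name check_pdp_settings, the 16-character minimum secret length, and the sample host name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validates base-url, shared-secret and branch before they are given to dsconfig.
MIN_SECRET_LEN=16   # assumed local policy, not a PingAuthorize requirement

# check_pdp_settings BASE_URL SHARED_SECRET BRANCH -> 0 if all pass, else a distinct code
check_pdp_settings() {
  base_url=$1 secret=$2 branch=$3
  # 1. The shared secret is sent to the Policy Editor, so require TLS.
  case $base_url in
    https://*) ;;
    *) echo "base-url must use https://" >&2; return 1 ;;
  esac
  # 2. Require an explicit host and a numeric port (also catches unreplaced <placeholders>).
  hostport=${base_url#https://}
  hostport=${hostport%%/*}
  host=${hostport%:*}
  port=${hostport##*:}
  if [ -z "$host" ] || [ "$host" = "$hostport" ]; then
    echo "base-url needs host:port" >&2; return 2
  fi
  case $port in
    ''|*[!0-9]*) echo "port is not numeric" >&2; return 2 ;;
  esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "port out of range" >&2; return 2
  fi
  # 3. Reject the sample value printed in the documentation, and short secrets.
  if [ "$secret" = "pingauthorize" ]; then
    echo "shared-secret is the documentation sample value" >&2; return 3
  fi
  if [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
    echo "shared-secret shorter than $MIN_SECRET_LEN characters" >&2; return 3
  fi
  # 4. The branch must name the branch chosen when importing the snapshot.
  if [ -z "$branch" ]; then
    echo "branch is empty" >&2; return 4
  fi
  return 0
}

# Constructed sample values (not from the page):
check_pdp_settings "https://pap.example.com:9443" "constructed-Secret-0123456789" "Default Policies" && echo "settings ok"
```

Run the check with the same values you intend to pass to dsconfig, and proceed only when it returns 0.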