PingAuthorize

Specifying custom configuration with an options file

You can configure the Policy Editor by customizing an options file and passing it to the setup tool.

About this task

You must run setup in non-interactive command-line mode instead of interactive mode if you need to do any of the following:

  • Configure the Policy Editor with a policy configuration key. A policy configuration key is an arbitrary key-value pair that can be referenced by name in the policy Trust Framework. This allows the policy trust store to be defined without hard-coding environment-specific data, such as host names and credentials, in the trust store.

  • Configure a key store for a policy information provider. This defines a client certificate that the policy engine can use for mutual TLS (mTLS) connections to a policy information provider.

  • Configure a trust store for a policy information provider. This defines the set of certificates or root certificates that the policy engine uses to determine whether it trusts the server certificate presented by a policy information provider.

  • Customize the Policy Editor’s logging behavior.

  • Configure private JSON Web Token (JWT) claims. This allows an organization to convey specific claims about an identity.

If the server detects existing configuration files when running the setup tool, the setup process terminates. To re-configure the server, you must either:

  • Delete the existing configuration files and run setup again.

  • Use the --ignoreWarnings option with the setup tool to overwrite the existing configuration.yml file, delete the administrator key store, and, if you also use the --generateSelfSignedCertificate option, overwrite the server certificate file.

To reconfigure the server while preserving the values in configuration.yml or any certificate key stores, back up the configuration.yml and key stores before re-running setup.

Steps

  1. Make a copy of the default options file provided at config/options.yml and customize the copy to suit your needs.

    The setup tool supports configuring these options through the use of a YAML options file.

    When you customize your options file, do not remove or alter the logging section. For guidance about customizing logging behavior, contact Ping Identity Support.

  2. Configure the Policy Editor with an options file:

    1. Stop the Policy Editor:

      $ bin/stop-server

    2. Run the setup tool.

    3. Provide the options file using the --optionsFile argument.

      For example, the following setup command configures a Policy Editor in demo mode using an options file named my-options.yml:

      $ bin/setup demo \
        --adminUsername admin \
        --generateSelfSignedCertificate \
        --decisionPointSharedSecret pingauthorize \
        --hostname <pap-hostname> \
        --port <pap-port> \
        --adminPort <admin-port> \
        --licenseKeyFile <path-to-license> \
        --optionsFile my-options.yml

  3. Start the Policy Editor:

    $ bin/start-server
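
Step 1 says not to remove or alter the logging section of the customized options file. The following pre-flight check is an added example, not part of the product or its documentation: it compares the logging section of a customized copy against the default file before you run setup. It assumes the logging section is a top-level YAML key named `logging`; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a customized options file.
# Assumption: the logging section is a top-level YAML key named "logging".

# Print one top-level YAML block (key line plus its indented body),
# ignoring blank lines and comment-only lines.
yaml_top_block() {
  awk -v key="$1" '
    /^[^ \t#-]/ { inblock = (index($0, key ":") == 1) }
    inblock && !/^[ \t]*(#|$)/
  ' "$2"
}

# Succeed only if the copy still has a logging section identical to the default.
logging_unchanged() {
  want=$(yaml_top_block logging "$1")
  got=$(yaml_top_block logging "$2")
  [ -n "$got" ] && [ "$want" = "$got" ]
}

# Constructed sample files (not the product's real option names or values).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/options.yml" <<'EOF'
logging:
  level: INFO
  appenders:
    - type: file
exampleSection:
  exampleKey: default
EOF
# A copy that only changes another section passes the check.
sed 's/exampleKey: default/exampleKey: custom/' \
  "$demo_dir/options.yml" > "$demo_dir/ok.yml"
# A copy that alters the logging section fails it.
sed 's/level: INFO/level: DEBUG/' \
  "$demo_dir/options.yml" > "$demo_dir/altered.yml"
# A copy that drops the logging section fails it.
sed -n '/^exampleSection:/,$p' "$demo_dir/options.yml" > "$demo_dir/missing.yml"

for f in ok altered missing; do
  if logging_unchanged "$demo_dir/options.yml" "$demo_dir/$f.yml"; then
    echo "$f.yml: logging section unchanged"
  else
    echo "$f.yml: logging section altered or missing; do not run setup with it"
  fi
done
```

To check a real copy, call `logging_unchanged config/options.yml my-options.yml` from the server root before passing the file to `--optionsFile`.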