PingAuthorize

Changing the Policy Editor authentication mode for Docker deployments

About this task

To switch to OIDC authentication for a Docker deployment of the PingAuthorize Policy Editor, re-run the docker run command using the OIDC environment variables.

Steps

  1. Stop the Policy Editor Docker container.

  2. Run the Policy Editor Docker container in OIDC mode by using the PING_OIDC_CONFIGURATION_ENDPOINT and PING_CLIENT_ID environment variables in your docker run command, as shown in the following example.

    Example:

    For proper communication between containers, create a Docker network using a command like docker network create --driver <network_type> <network_name>, and then connect to that network with the --network=<network_name> option.

    docker run --network=<network_name>  -p 8443:1443 -d \
    --env-file ~/.pingidentity/config \
    --env PING_EXTERNAL_BASE_URL=localhost:8443 \
    --env PING_CLIENT_ID=c2f081c0-6a2e-4249-b07d-d60234bb5b21 \
    --env PING_OIDC_CONFIGURATION_ENDPOINT=https://auth.pingone.com/3e665735-23da-40a9-a2bb-7ccddc171aaa/as/.well-known/openid-configuration \
    pingidentity/{PAP_CONTAINER_NAME}:<TAG>

    The Docker image <TAG> used in the example is only a placeholder. For actual tag values, see the PingAuthorize PAP Docker Image on Docker Hub.