PingAuthorize

Changing the PingAuthorize Policy Editor authentication mode

You can change the authentication mode after the initial setup.

Steps

Changing the Policy Editor authentication mode for manual installs

About this task

To change the authentication mode that a manually installed PingAuthorize Policy Editor uses, re-run the setup tool and choose a different authentication mode. This action overwrites the PingAuthorize Policy Editor’s existing configuration.

Steps

  1. Stop the Policy Editor.

    Example:

    $ bin/stop-server
  2. Run the setup command and select a different authentication mode.

    The modes are:

    • Demo mode

      Configures the PingAuthorize Policy Editor to use form-based authentication with a fixed set of credentials. Unlike OIDC mode, this mode does not require an external authentication server. However, it is inherently insecure and is recommended only for demonstration purposes.

    • OpenID Connect (OIDC) mode

      Configures the PingAuthorize Policy Editor to delegate authentication and sign-on services to an OpenID Connect provider, such as PingFederate.

      Example:

      $ bin/setup
  3. Start the Policy Editor.

    Example:

    $ bin/start-server

Changing the Policy Editor authentication mode for Docker deployments

About this task

To switch to OIDC authentication for a Docker deployment of the PingAuthorize Policy Editor, re-run the docker run command using the OIDC environment variables.

Steps

  1. Stop the Policy Editor Docker container.

  2. Run the Policy Editor Docker container in OIDC mode by using the PING_OIDC_CONFIGURATION_ENDPOINT and PING_CLIENT_ID environment variables in your docker run command, as shown in the following example.

    Example:

    For proper communication between containers, create a Docker network using a command like docker network create --driver <network_type> <network_name>, and then connect to that network with the --network=<network_name> option.

    docker run --network=<network_name>  -p 8443:1443 -d \
    --env-file ~/.pingidentity/config \
    --env PING_EXTERNAL_BASE_URL=localhost:8443 \
    --env PING_CLIENT_ID=c2f081c0-6a2e-4249-b07d-d60234bb5b21 \
    --env PING_OIDC_CONFIGURATION_ENDPOINT=https://auth.pingone.com/3e665735-23da-40a9-a2bb-7ccddc171aaa/as/.well-known/openid-configuration \
    pingidentity/{PAP_CONTAINER_NAME}:<TAG>

    The Docker image <TAG> used in the example is only a placeholder. For actual tag values, see the PingAuthorize PAP Docker Image on Docker Hub.