Post-setup steps (Docker deployment)
After you successfully set up the PingAuthorize Policy Editor, you must start the server and then configure PingAuthorize Server to use the Policy Editor as its policy decision point (PDP).
The containers must be on the same Docker network to communicate properly. |
Sign on to the Policy Editor and import a policy snapshot. You can find a set of default policies in the resource/policies/defaultPolicies.SNAPSHOT
file. For more information, see Signing on to the PingAuthorize Policy Editor.
To configure PingAuthorize Server to use the Policy Editor, use dsconfig
or the administrative console to create a Policy External Server to represent the Policy Editor, then assign the Policy External Server to the Policy Decision Service and configure it to use external PDP mode. Also, set the Trust Framework Version to the current version, v2.
Consider the following example. Assume a container named pingauthorize and that no files are needed from the file system. The following commands run dsconfig
from within the container.
docker exec {SERVER_CONTAINER_NAME} /opt/out/instance/bin/dsconfig create-external-server \
--server-name "{PAP_Name}" \
--type policy \
--set "base-url:https://<pap-hostname>:<pap-port>" \
--set "shared-secret:2FederateM0re" \
--set "branch:Default Policies"
docker exec {SERVER_CONTAINER_NAME} /opt/out/instance/bin/dsconfig set-policy-decision-service-prop \
--set pdp-mode:external \
--set "policy-server:{PAP_Name}" \
--set trust-framework-version:{TRUST_FRAMEWORK_VERSION}
In the example, the base URL consists of the host name and port chosen for the Policy Editor during setup. The shared secret value is 2FederateM0re
by default. The branch name corresponds to the branch name that you chose when importing your policy snapshot.