PingAuthorize

Configuring the PingAuthorize user store

Configure PingAuthorize Server to use PingDirectory Server as its user store.

Steps

  1. To make a set of changes to PingDirectory Server that PingAuthorize Server needs, including the creation of a service account, run the prepare-external-store command.

    Example:

    {pingauthorize}/bin/prepare-external-store \
      --hostname <your-ds-host> --port 1636 --useSSL --trustAll \
      --governanceTrustStorePath {pingauthorize}/config/truststore \
      --governanceTrustStorePasswordFile {pingauthorize}/config/truststore.pin \
      --bindDN "cn=directory manager" \
      --bindPassword <your-ds-password> \
      --governanceBindDN "cn=Authorize User,cn=Root DNs,cn=config" \
      --governanceBindPassword <your-pingauthorize-service-account-password> \
      --userStoreBaseDN "ou=people,dc=example,dc=com" \
      --no-prompt
  2. To configure PingAuthorize Server with a store adapter that allows it to communicate with PingDirectory Server to retrieve identity attributes, run the create-initial-config command.

    Using create-initial-config is optional. However, if you do not use it, you do not get the user’s profile (the requester’s attributes). For more information, see User profile availability in policies.

    Example:

    {pingauthorize}/bin/create-initial-config \
      --no-prompt --port 8636 --useSSL --trustAll \
      --bindDN "cn=directory manager" \
      --bindPassword <your-pingauthorize-password> \
      --governanceBindPassword <your-pingauthorize-service-account-password> \
      --externalServerConnectionSecurity useSSL \
      --governanceTrustStorePath {pingauthorize}/config/truststore \
      --governanceTrustStorePasswordFile {pingauthorize}/config/truststore.pin \
      --userStoreBaseDN "ou=people,dc=example,dc=com" \
      --userStore "<your-ds-host>:1636:Austin" \
      --userObjectClass "inetOrgPerson" \
      --initialSchema pass-through

    This command also sets up a System for Cross-domain Identity Management (SCIM) resource type that defines a Users type with a SCIM schema that is automatically mapped to an LDAP object class, inetOrgPerson, on PingDirectory Server.
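    Both commands above pass --trustAll, which makes the tool itself accept whatever certificate PingDirectory Server presents for that one connection, and both take the service account password on the command line, where it is visible in shell history and process listings. The following script is an added example and is not part of the PingAuthorize documentation or product: after step 1 it confirms that the service account (cn=Authorize User,cn=Root DNs,cn=config) can bind to PingDirectory Server over LDAPS, trusting the certificate through the same truststore files the examples name rather than --trustAll, and can read the user store base DN. Before connecting it refuses to run while a placeholder is still unreplaced, the port is not numeric, or a secret file is missing or world-readable. The install path /opt/pingauthorize, the governance-bind.pw password file, the file name verify-user-store.sh, and an ldapsearch tool in {pingauthorize}/bin that takes PingDirectory-style arguments (--trustStorePath, --trustStorePasswordFile, --bindPasswordFile, --baseDN, --searchScope) are assumptions; adjust them to your installation.

```shell
#!/bin/sh
# Added post-configuration check (not from the PingAuthorize docs or product).
# Confirms that the service account created by prepare-external-store can bind
# to PingDirectory Server over LDAPS, trusting the certificate via the
# truststore instead of --trustAll, and read the user store base DN.

PA_HOME="${PA_HOME:-/opt/pingauthorize}"   # assumed install path ({pingauthorize} in the docs)
DS_HOST="${DS_HOST:-<your-ds-host>}"      # placeholder as in the docs; must be replaced
DS_PORT="${DS_PORT:-1636}"
GOV_BIND_DN="${GOV_BIND_DN:-cn=Authorize User,cn=Root DNs,cn=config}"
GOV_PW_FILE="${GOV_PW_FILE:-$PA_HOME/config/governance-bind.pw}"   # assumed: password kept in a file, not on argv
TRUSTSTORE="${TRUSTSTORE:-$PA_HOME/config/truststore}"
TRUSTSTORE_PIN="${TRUSTSTORE_PIN:-$PA_HOME/config/truststore.pin}"
USER_BASE_DN="${USER_BASE_DN:-ou=people,dc=example,dc=com}"

# has_placeholder VALUE: succeeds if VALUE still contains an unreplaced <...> placeholder
has_placeholder() {
  case "$1" in
    *'<'*'>'*) return 0 ;;
    *)         return 1 ;;
  esac
}

# secret_file_ok PATH: succeeds if PATH is a regular file we can read and
# "other" has no read bit (column 8 of ls -l output is the other-read flag)
secret_file_ok() {
  f="$1"
  [ -f "$f" ] && [ -r "$f" ] || return 1
  other_read=$(ls -ld "$f" | cut -c8)
  [ "$other_read" != "r" ]
}

# preflight: succeeds only if every input is usable; prints each problem found
preflight() {
  rc=0
  for v in DS_HOST GOV_BIND_DN USER_BASE_DN; do
    eval "val=\$$v"
    if has_placeholder "$val"; then
      echo "unreplaced placeholder in $v: $val"; rc=1
    fi
  done
  case "$DS_PORT" in
    ''|*[!0-9]*) echo "DS_PORT must be numeric: $DS_PORT"; rc=1 ;;
  esac
  for f in "$GOV_PW_FILE" "$TRUSTSTORE_PIN"; do
    secret_file_ok "$f" || { echo "secret file missing, unreadable or world-readable: $f"; rc=1; }
  done
  [ -f "$TRUSTSTORE" ] || { echo "truststore not found: $TRUSTSTORE"; rc=1; }
  return $rc
}

# verify_bind: base-scope search on the user store base DN as the service account.
# Assumes the ldapsearch shipped in {pingauthorize}/bin with PingDirectory-style
# arguments; the password and truststore PIN come from files, never from argv.
verify_bind() {
  "$PA_HOME/bin/ldapsearch" \
    --hostname "$DS_HOST" --port "$DS_PORT" --useSSL \
    --trustStorePath "$TRUSTSTORE" --trustStorePasswordFile "$TRUSTSTORE_PIN" \
    --bindDN "$GOV_BIND_DN" --bindPasswordFile "$GOV_PW_FILE" \
    --baseDN "$USER_BASE_DN" --searchScope base "(objectClass=*)" dn
}

main() {
  preflight || { echo "preflight failed; fix the items above first"; exit 2; }
  if verify_bind >/dev/null 2>&1; then
    echo "OK: $GOV_BIND_DN can read $USER_BASE_DN on $DS_HOST:$DS_PORT"
  else
    echo "FAIL: service account bind or base search failed (check the prepare-external-store output and the truststore)"
    exit 1
  fi
}

# Run the check only when invoked as verify-user-store.sh, so the functions can also be sourced.
if [ "${0##*/}" = "verify-user-store.sh" ]; then
  main
fi
```

    Save the script as verify-user-store.sh, set DS_HOST (and any other variable that differs from the defaults) in the environment, and run it after step 1; a non-zero exit means either the preflight found a configuration problem (exit 2) or the service account could not bind and read the base DN (exit 1), in which case revisit the prepare-external-store output before continuing to step 2.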