PingDirectory

Configuring the administrative console’s application.yml configuration file

You can configure the standalone PingDirectory server administrative console by modifying the `[.filepath]/WEB-INF/classes/application.yml` file.

The following table describes the different configuration settings listed in the default application.yml file included with the administrative console and what they do.

Setting Description

spring.*

See the .spring.io/spring-boot/docs/current/reference/html/application-properties.html//Spring API docs] for information about these properties.

You should not modify them.

management.server.base-path

Controls the prefix of the Spring Boot Actuator endpoints of the console application.

You should not modify this setting.

logging.level.*

Controls the severity level of messages logged about these packages.

log.console

If this is set to true, the console logs messages to a file.

log.file

If logging is enabled, this specifies the file that the console will log to.

PingData.SSO.OIDC.enabled

If this is set to true, the console attempts to use OpenID Connect (OIDC) single sign-on (SSO) to bind to the managed server.

If false, the console asks for a username and password.

PingData.SSO.OIDC.issuer-uri

The issuer URI to the OIDC provider.

PingData.SSO.OIDC.client-id

The client ID used with the OIDC provider.

PingData.SSO.OIDC.client-secret

The client secret used with the OIDC provider.

PingData.SSO.OIDC.trust-store-file

The file path to the trust store used when communicating with the OIDC provider.

PingData.SSO.OIDC.trust-store-type

The type of trust store specified by PingData.SSO.OIDC.trust-store-file.

PingData.SSO.OIDC.trust-store-pin

Specifies the password used with the trust store specified by PingData.SSO.OIDC.trust-store-file.

PingData.SSO.OIDC.trust-store-pin-environment-variable

Specifies the environment variable containing the password used with the trust store specified by PingData.SSO.OIDC.trust-store-file.

PingData.SSO.OIDC.strict-hostname-verification

If this is set to true, the console requires a matching host name on the OIDC provider certificate.

PingData.SSO.OIDC.trust-all

If this is set to true, the console accepts any OIDC provider certificate.

PingData.SSO.OIDC.username-attributes

The LDAP attribute containing the username of the user the console is logging in as when using SSO.

login.hide-server

If this is set to true, the 'server' field is hidden on the sign on page.

ldap.server

Auto-populates the 'server' field on the sign on page.

If login.hide-server=true, this value determines which directory server the console tries to bind to.

ldap.init-user

Auto-populates the user field on the sign-on page.

ldap.init-password

Auto-populates the password field on the sign-on page.

ldap.trust-store-file

The file path to the trust store used when binding to the directory server.

ldap.trust-store-type

Specifies the type of trust store specified by trust-store-file.

ldap.trust-store-pin

Specifies the password used with the trust store specified by trust-store-file.

ldap.trust-store-pin-environment-variable

Specifies the environment variable containing the password used with the trust store specified by trust-store-file.

ldap.file-servlet-name

Specifies the name of the file servlet on the managed directory server to use when fetching generated collect-support-data (CSD) or server profiles.

ldap.csd-task-enabled

If this is set to true, the console has a button that has the managed directory server run a collect-support-data task.

ldap.csd-destination-folder

The file path to the folder where the managed directory server stores generated CSD files after running the collect-support-data task.

ldap.profile-destination-folder

The file path to the folder where the managed directory server stores generated server profiles after running the generate-server-profile task.

Do not change this property.

branding.custom-folder

The file path to the folder that holds custom branding.properties, branding.css, and favicon.ico files.

If empty, default Ping Identity branding is used instead.

configuration.complexity

Determines the maximum complexity level for shown configuration objects.

The possible values are basic, standard, advanced, and expert.

server.sessionTimeout

The amount of time a web session can remain idle before the user must log in again. The time is set in seconds unless you use a time interval (h for hours or m for minutes). If not specified, the default is 24 hours.

After modifying the application.yml file, you must restart the console for your changes to take effect.