PingFederate Server

Overriding configuration settings using environment variables

To change a PingFederate server’s configuration, you can use environment variables to override the settings in multiple configuration files instead of modifying those files.

You can use a script or command line to assign values to environment variables. Then when PingFederate starts, it overrides the values in the configuration files with the values of the environment variables. During startup, PingFederate logs all the environment variables that start with "PF_" in the init.log.

You can override any property value in the following files:

<pf_install>/pingfederate/bin/

*.properties

<pf_install>/pingfederate/server/default/conf/

*.properties

*.conf

  • In clustered PingFederate environments, you must apply the environment variable changes to all the nodes.

  • Because the configuration settings overridden by the environment variables also apply to the scripts under <pf_install>/pingfederate/bin/, prevent misconfiguration by ensuring you set the environment variables correctly before running those scripts or else using persistent environment variables.

The format of an environment variable is PF_<FILE_NAME_WITHOUT_EXTENSION>_<PROPERTY_NAME>.

Here are some examples of environment variables:

The environment variable for the pf.admin.https.port property in the run.properties file is PF_RUN_PF_ADMIN_HTTPS_PORT.

In a Unix-based environment, the following command sets the value of that environment variable to 9998:

export PF_RUN_PF_ADMIN_HTTPS_PORT=9998

The environment variable for the track.state property in the cluster-adaptive.conf file is PF_CLUSTER_ADAPTIVE_TRACK_STATE.

In a Unix-based environment, the following command sets the value of that environment variable to false:

export PF_CLUSTER_ADAPTIVE_TRACK_STATE=false

To override the properties handled by PingFederate, the environment variable name is case insensitive. However, to override the properties handled by external libraries, such as jetty, the <PROPERTY NAME> part is case sensitive.

The service-points.conf file in the <pf_install>/pingfederate/server/default/conf/ directory has replaced the hivemodule.xml file that was in the <pf_install>/pingfederate/server/default/conf/META-INF/ directory. This lets you use environment variables to also override implementation classes for core services in PingFederate. For more information, see "Replacement of hivemodule.xml" in the Upgrade considerations introduced in PingFederate 11.x.