PingIntelligence

Change default settings

It is recommended that you change the default key and passwords in ASE. The following commands change the default values:

Change ase_master.key

Run the following command to create your own ASE master key, which is used to obfuscate keys and passwords in ASE.

Command: generate_obfkey. ASE must be stopped before you create a new ase_master.key. If ASE is still running, the command is refused:

/opt/pingidentity/ase/bin/cli.sh admin generate_obfkey -u admin -p admin
API Security Enforcer is running. Please stop ASE before generating new obfuscation master key

Stop ASE: Stop ASE by running the following command:

/opt/pingidentity/ase/bin/stop.sh -u admin -p admin
checking API Security Enforcer status…sending stop request to ASE. please wait…
API Security Enforcer stopped

Change ase_master.key: Enter the generate_obfkey command to change the default ASE master key:

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin generate_obfkey
Please take a backup of config/ase_master.key, config/ase.conf,
config/abs.conf, config/cluster.conf before proceeding
Warning: Once you create a new obfuscation master key, you should
obfuscate all config keys also using cli.sh obfuscate_keys
Warning: Obfuscation master key file /opt/pingidentity/ase/config/ase_master.key already exist.
This command will delete it create a new key in the same file
Do you want to proceed [y/n]:

After you change the ase_master.key, you need to obfuscate all keys and passwords with the new ase_master.key. Enter the keys and passwords in ase.conf, abs.conf, and cluster.conf in plain text and run the obfuscation commands. For more information on obfuscation, see Obfuscate keys and passwords.

Start ASE: After a new ASE master key is generated, start ASE by entering the following command:

/opt/pingidentity/ase/bin/start.sh
Starting API Security Enforcer 4.1...
please see /opt/pingidentity/ase/logs/controller.log for more details
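
The generate_obfkey prompt above asks for a backup of four configuration files before the master key is replaced. The following shell function is an added example, not part of the original page or of Ping Identity's tooling, showing one way to take and verify that backup. The file names and install path come from the page; the function name, backup directory naming, and destination path are assumptions.

```shell
#!/bin/sh
# Added example (not Ping Identity code). File list and install path come from
# the page; the backup directory naming is an assumption.
ASE_BACKUP_FILES="config/ase_master.key config/ase.conf config/abs.conf config/cluster.conf"

# backup_ase_config ASE_HOME DEST_ROOT
# Copies each file to DEST_ROOT/ase-config-<UTC time>/, owner-only, verifies
# every copy with cmp, and prints the backup directory. On any failure it
# returns non-zero and leaves no partial backup behind.
backup_ase_config() {
    ase_home=$1
    dest_root=$2
    if [ -z "$ase_home" ] || [ -z "$dest_root" ]; then
        echo "usage: backup_ase_config ASE_HOME DEST_ROOT" >&2
        return 2
    fi

    # Check that all four files exist before writing anything.
    for f in $ASE_BACKUP_FILES; do
        [ -f "$ase_home/$f" ] || { echo "missing: $ase_home/$f" >&2; return 1; }
    done

    # These files hold the master key and secrets: keep group/other out.
    old_umask=$(umask)
    umask 077
    dest="$dest_root/ase-config-$(date -u +%Y%m%dT%H%M%SZ)"
    rc=0
    mkdir -p "$dest/config" || rc=1

    if [ "$rc" -eq 0 ]; then
        for f in $ASE_BACKUP_FILES; do
            cp "$ase_home/$f" "$dest/$f" && chmod 600 "$dest/$f" &&
                cmp -s "$ase_home/$f" "$dest/$f" || { rc=1; break; }
        done
    fi
    umask "$old_umask"

    if [ "$rc" -ne 0 ]; then
        echo "backup failed, removing $dest" >&2
        rm -rf "$dest"
        return 1
    fi
    echo "$dest"
}

# Usage on the page's install path (destination is an assumed location):
#   backup_ase_config /opt/pingidentity/ase /root/ase-backups
```

Run it after stop.sh and before answering y to the generate_obfkey prompt, so the old master key and the files obfuscated with it can be restored together.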

Change keystore password

You can change the keystore password by entering the following command. The default password is asekeystore. ASE must be running to update the keystore password.

Command: update_keystore_password

/opt/pingidentity/ase/bin/cli.sh update_keystore_password -u admin -p admin
New password >
New password again >
keystore password updated

Change admin password

You can change the default admin password by entering the following command.

/opt/pingidentity/ase/bin/cli.sh update_password -u admin
Old password >
New password >
New password again >
Password updated successfully

You can change the password on a single ASE node and propagate the change to other nodes in the ASE cluster. For more information, see Propagate changed password.

Any change to the ASE admin password must also be made in the PingIntelligence for APIs Dashboard. Add the new password to <pi_install_dir>/webgui/config/webgui.properties and obfuscate it.