Change Dashboard default settings
You can change the default settings of PingIntelligence for APIs Dashboard.
To change the default settings, edit the dashboard-defaults.yml
file and ilm.json
file.
Change settings in dashboard-defaults.yml
You can change the default settings of PingIntelligence Dashboard by editing the /<pi-install-path>/pingidentity/pi-api-deployment/config/dashboard-defaults.yml
file. The following table lists the variables that you can set for PingIntelligence Dashboard in various configurations.
Variable | Description | ||
---|---|---|---|
|
Port number to connect to PingIntelligence Dashboard. |
||
|
Defines the mode in which Dashboard authenticates. The valid values are
|
||
|
Defines the maximum time for a session. The configured values should be in the form of |
||
|
Defines the maximum number of active UI sessions at any given time. The value should be greater than 1. |
||
|
The passwords for webgui
|
||
Single sign-on (SSO) configurations - Applicable only when |
|||
|
Client ID value in configured in the Identity provider. |
||
|
Client Secret configured for the corresponding Client ID. |
||
|
OpenID Connect (OIDC) Client authentication mode. The valid values are |
||
|
HTTPS IP address of OIDC provider. Also, place the SSO provider’s issuer-certificate in the following path - |
||
|
Claim name for unique ID of the user in UserInfo response. A new user is provisioned using this unique ID value. |
||
|
Claim name for first name of the user in UserInfo response. Either first name or last name can be empty, but both should not be empty. |
||
|
Claim name for last name of the user in UserInfo response. Either first name or last name can be empty, but both should not be empty. |
||
|
Claim name for role of the user in UserInfo response. Default value is |
||
|
Additional scopes in authorization request. Multiple scopes should be comma (,) separated values. OpenID, profile scopes are always requested. |
||
-End-of-SSO-configurations- |
|||
SSL configuration for PingIntelligence Dashboard
|
Configure the passwords for keystore and key alias. |
||
H2 database configuration:
|
Password for H2 database and password for encryption |
||
Discovery configuration - The following variables configure discovery settings for Dashboard:
Discovery source - Defines the details of discovery source for PingAccess or Axway API gateway. PingAccess
Axway
|
Configure PingAccess or Axway URL, username and password if the discovery source is |
||
|
Configures whether the deployment package installs X-pack. The default value is |
||
|
If you have set |
||
|
Configure the distribution type of Elasticsearch. Allowed values are
|
||
|
If you want to use an already available Elasticsearch username, configure it in |
||
|
Elasticsearch password. The default value is
|
||
|
Consumer user in Kafka. Default: |
||
|
Consumer user password. Default: |
||
|
Group in Kafka for data engine consumer. Default: |
||
|
Password for the default user name |
||
|
Password for the admin. |
||
Syslog configuration:
|
Configure Syslog details. Setting Provide the host and port number of syslog server. |
Make sure to take a backup of the |
The following is a sample dashboard-defaults.yml
file.
--- webgui: # Define ports for PingIntelligence WebGUI # Make sure ports are not same for single server installation port: 8030 # allowed values: native, sso. # In native mode, webgui users are self managed and stored in webgui. # In sso mode, webgui users are managed and stored in an Identity provider. authentication_mode: native # Maximum duration of a session. # Value should be in the form of <number><duration_suffix> # Duration should be > 0. # Allowed duration_suffix values: m for minutes, h for hours, d for days. session_max_age: 6h # Number of active UI sessions at any time. # Value should be greater than 1. max_active_sessions: 50 admin_password and ping_user_password are applicable in native authentication_mode only. # webgui "admin" account password admin_password: changeme # webgui "ping_user" account password ping_user_password: changeme Below sso configuration properties are applicable in sso authentication_mode only. # Client ID value in Identity provider. sso_oidc_client_id: pingintelligence # Client Secret of the above Client ID. sso_oidc_client_secret: changeme # OIDC Client authentication mode. # Valid values: BASIC, POST, or NONE sso_oidc_client_authentication_method: BASIC # OIDC Provider uri # WebGUI queries <issuer-uri>/.well-known/openid-configuration to get OIDC provider metadata # issuer ssl certificate is not trusted by default. So import issuer ssl certificate into config/webgui.jks # issuer should be reachable from both back-end and front-end sso_oidc_provider_issuer_uri: https://127.0.0.1:9031 # Place the sso provider issuer-certificate in the following path => <installation_path>/pingidentity/certs/webgui/ # Name of the file should be => webgui-sso-oidc-provider.crt # claim name for unique id of the user in UserInfo response # a new user is provisioned using this unique id value sso_oidc_provider_user_uniqueid_claim_name: sub # claim name for first name of the user in UserInfo response # either first name or last name can be empty, but both should not be empty sso_oidc_provider_user_first_name_claim_name: given_name # claim name for last name of the user in UserInfo response # either first name or last name can be empty, but both should not be empty sso_oidc_provider_user_last_name_claim_name: family_name # claim name for role of the user in UserInfo response sso_oidc_provider_user_role_claim_name: role # additional scopes in authorization request # multiple scopes should be comma (,) separated # openid,profile scopes are always requested sso_oidc_client_additional_scopes: ## End of sso configuration # ssl key store password of webgui hosts server_ssl_key_store_password: changeme server_ssl_key_alias: webgui # local h2 db datasource properties h2_db_password: changeme h2_db_encryption_password: changeme # allowed values: abs/pingaccess/axway discovery_source: abs # allowed values: auto/manual discovery_mode: auto # value is in minutes discovery_mode_auto_polling_interval: 10 discovery_mode_auto_delete_non_discovered_apis: false # valid only if discovery_source is set to pingaccess pingaccess_url: https://127.0.0.1:9000/ pingaccess_username: Administrator pingaccess_password: # valid only if discovery_source is set to axway axway_url: https://127.0.0.1:8075/ axway_username: apiadmin axway_password: dataengine: ui: # Install elasticsearch with xpack enabled # If there is no authentication on pre-existing elasticsearch, set this to false enable_xpack: true server_port: 8040 # When install_elasticsearch is set to false in config/hosts, this url will be used # Give the complete url with https/http and elasticsearch port number # Make sure elasticsearch_url is accessible from ansible management host, dataengine, webgui nodes. elasticsearch_url: https://search-giueibohzd6pfijfysjfsxucty.pingidentity.com:443 # Configuration distribution type of elasticsearch. Allowed values are default or aws elasticsearch_distro_type: default # User with permission set similar to "elastic" user elastic_username: elastic # Passwords for "elasticsearch","ping_user" and "ping_admin" users # dataengine will be accessible for these accounts # Please set strong passwords # If enable_xpack is set to false, below passwords are ignored elastic_password: changeme # ssl key store password of webgui hosts server_ssl_key_store_password: changeme server_ssl_key_alias: dataengine #Users ,passowrd and groupid for dataengine in kafka consumer_user: pi4api_de_user consumer_authentication_password: changeme dataengine_groupid: pi4api.data-engine syslog: # Configuration for syslog enable_syslog: false host: localhost port: 614 facility: LOCAL0
Change settings in ilm.json
You can change the default settings of Index Lifecycle Management (ILM) policy by editing the /<pi-install-path>/pingidentity/pi-api-deployment/config/ilm.json
file. The ILM policy allows you to manage the lifecycle of the Elasticsearch indices. The following table lists the variables that you can set in the ilm.json
file. For more information onilm.json
configuration, see Automatic rollover index.
Variable | Description |
---|---|
|
Defines the maximum size of the Elasticsearch rollover index. When the index size reaches the defined value, it rolls over. |
|
Defines the maximum age of the Elasticsearch rollover index configuration. |
|
Defines the minimum age, after which the Elasticsearch rollover index enters into a different phase. Allowed units are |
|
Defines the sequence in which, indices are reloaded back into memory when Elasticsearch restarts. Use a positive integer number to set the priority. |
Rollover index configuration takes effect only when |
The following is a sample ilm.json
file.
{
"policy": {
"phases": {
"hot": {
"actions": {
"rollover": {
"max_size": "7GB",
"max_age": "7d"
},
"set_priority": {
"priority": 100
}
}
},
"warm": {
"min_age": "30d",
"actions": {
"set_priority": {
"priority": 50
}
}
},
"cold": {
"min_age": "90d",
"actions": {
"freeze": {},
"set_priority": {
"priority": 0
}
}
}
}
}
}