PingIntelligence

Changing default settings

It is recommended that you change the default key and password in ABS.

About this task

The following is a list of commands to change the default values.

Changing default JKS password

You can change the default password for the key store and key.

Before you begin

Make sure that ABS is stopped before changing the JKS password.

About this task

Complete the following steps to change the default JKS passwords. IMPORTANT: The key store and key password should be the same.

Steps

  1. To change the key store password, enter the following command to change the key store password:

    # keytool -storepasswd -keystore config/ssl/abs.jks
Enter keystore password:  abs123
New keystore password: newjkspassword
Re-enter new keystore password: newjkspassword

    The default key store password is abs123.

  2. To change the key password, enter the following command to change the key password. The default key password is abs123.

    # keytool -keypasswd -alias pingidentity -keypass abs123 -new newjkspassword -keystore config/ssl/abs.jks
Enter keystore password: newjkspassword

    The default key password is abs123.

Next steps

Start ABS after you have changed the default passwords.

Changing abs_master.key

Create your own ABS master key to obfuscate keys and password in ABS.

Before you begin

ABS must be stopped before creating a new abs_master.key.

About this task

To create your own ABS master key:

Steps

  1. Run the following command: generate_obfkey.

  2. If ABS is running, then stop ABS before generating a new ABS master key. Enter the following command to stop ABS:

    # /opt/pingidentity/abs/bin/stop.sh
checking API Behavioral Security status
sending shutdown signal to ABS, please wait...
API Behavioral Security stopped

  3. To change abs_master.key, enter the generate_obfkey command to change the default ABS master key:

    /opt/pingidentity/abs/bin/cli.sh generate_obfkey -u admin -p admin
Please take a backup of config/abs_master.key before proceeding.
Warning: Once you create a new obfuscation master key, you should obfuscate all config keys also using cli.sh -obfuscate_keys
Warning: Obfuscation master key file
/pingidentity/abs/config/abs_master.key already exists. This command will delete it and create a new key in the same file
Do you want to proceed [y/n]: y
Creating new obfuscation master key
Success: created new obfuscation master key at /pingidentity/abs/config/abs_master.key

Changing CLI admin password

You can change the default admin password.

About this task

To change the CLI admin password:

Steps

  1. Enter the following command:

    /opt/pingidentity/abs/bin/cli.sh update_password -u admin -p admin
New Password>
Reenter New Password>
Success. Password updated for CLI

Changing default access and secret key in MongoDB

You can change default access and the secret key in MongoDB.

About this task

To change the default access and secret key, complete the following steps.

":" (colon) is a restricted character and not allowed in the access key or secret key.

Steps

  1. Connect to MongoDB by entering the following command:

    mongo --host <mongo-host> --port <mongo-port> --authenticationDatabase admin -u absuser -p abs123

    absuser and abs123 are the default username and password for MongoDB.

  2. On the MongoDB prompt, run the following command:

    use abs_metadata
db.auth_info.updateOne( { access_key: "<new-access-key>", secret_key: "<new-secret-key>"} )