Changing Dashboard default settings
You can change the default settings of PingIntelligence for APIs Dashboard.
To change the default settings, edit the dashboard-defaults.yml file and ilm.json file.
Changing settings in dashboard-defaults.yml
You can change the default settings of PingIntelligence Dashboard by editing the /<pi-install-path>/pingidentity/pi-api-deployment/config/dashboard-defaults.yml file.
The following table lists the variables that you can set for PingIntelligence Dashboard in various configurations.
| Variable | Description | ||
|---|---|---|---|
|
Port number to connect to PingIntelligence Dashboard. |
||
|
Defines the mode in which Dashboard authenticates. The valid values are
|
||
|
Defines the maximum time for a session. The configured values should be in the form of <number><duration_suffix>. Duration should be > 0. Allowed |
||
|
Defines the maximum number of active UI sessions at any given time. The value should be greater than 1. |
||
|
The passwords for webgui
|
||
Single sign-on (SSO) configurations - Applicable only when |
|||
|
Client ID value in configured in the identity provider. |
||
|
Client secret configured for the corresponding Client ID. |
||
|
OpenID Connect (OIDC) client authentication mode. The valid values are |
||
|
HTTPS IP address of OIDC provider. Also, place the SSO provider’s issuer-certificate in the following path: |
||
|
Claim name for unique ID of the user in UserInfo response. A new user is provisioned using this unique ID value. |
||
|
Claim name for first name of the user in UserInfo response. Either first name or last name can be empty, but both should not be empty. |
||
|
Claim name for last name of the user in UserInfo response. Either first name or last name can be empty, but both should not be empty. |
||
|
Claim name for role of the user in UserInfo response. The default value is |
||
|
Additional scopes in authorization request. Multiple scopes should be comma (,) separated values. OpenID profile scopes are always requested. |
||
End-of-SSO configurations |
|||
SSL configuration for PingIntelligence Dashboard
|
Configure the passwords for key store and key alias. |
||
H2 database configuration:
|
Password for H2 database and password for encryption |
||
Discovery configuration - The following variables configure discovery settings for Dashboard:
Discovery source - Defines the details of discovery source for PingAccess or Axway API gateway. PingAccess:
Axway
|
Configure PingAccess or Axway URL, username and password if the discovery source is |
||
|
Configures whether the deployment package installs Xpack. The default value is |
||
|
If you have set |
||
|
Configure the distribution type of Elasticsearch. Allowed values are
|
||
|
If you want to use an already available Elasticsearch username, configure it in |
||
|
Elasticsearch password. The default value is
|
||
|
The schedule for Elasticsearch purge to run. |
||
|
The number of days for Elasticsearch purge. |
||
|
Consumer user in Kafka. Default: |
||
|
Consumer user password. Default: |
||
|
Group in Kafka for data engine consumer. Default: |
||
|
Password for the default user name |
||
|
Password for the admin. |
||
Syslog configuration:
|
Configure Setting Provide the host and port number of the |
||
|
Make a backup of the |
The following is a sample dashboard-defaults.yml file.
---
webgui:
# Define ports for PingIntelligence WebGUI
# Make sure ports are not same for single server installation
port: 8030
# allowed values: native, sso.
# In native mode, webgui users are self managed and stored in webgui.
# In sso mode, webgui users are managed and stored in an Identity provider.
authentication_mode: native
# Maximum duration of a session.
# Value should be in the form of <number><duration_suffix>
# Duration should be > 0.
# Allowed duration_suffix values: m for minutes, h for hours, d for days.
session_max_age: 6h
# Number of active UI sessions at any time.
# Value should be greater than 1.
max_active_sessions: 50
admin_password and ping_user_password are applicable in native authentication_mode only.
# webgui "admin" account password
admin_password: changeme
# webgui "ping_user" account password
ping_user_password: changeme
Below sso configuration properties are applicable in sso authentication_mode only.
# Client ID value in Identity provider.
sso_oidc_client_id: pingintelligence
# Client Secret of the above Client ID.
sso_oidc_client_secret: changeme
# OIDC Client authentication mode.
# Valid values: BASIC, POST, or NONE
sso_oidc_client_authentication_method: BASIC
# OIDC Provider uri
# WebGUI queries <issuer-uri>/.well-known/openid-configuration to get OIDC provider metadata
# issuer ssl certificate is not trusted by default. So import issuer ssl certificate into config/webgui.jks
# issuer should be reachable from both back-end and front-end
sso_oidc_provider_issuer_uri: https://127.0.0.1:9031
# Place the sso provider issuer-certificate in the following path => <installation_path>/pingidentity/certs/webgui/
# Name of the file should be => webgui-sso-oidc-provider.crt
# claim name for unique id of the user in UserInfo response
# a new user is provisioned using this unique id value
sso_oidc_provider_user_uniqueid_claim_name: sub
# claim name for first name of the user in UserInfo response
# either first name or last name can be empty, but both should not be empty
sso_oidc_provider_user_first_name_claim_name: given_name
# claim name for last name of the user in UserInfo response
# either first name or last name can be empty, but both should not be empty
sso_oidc_provider_user_last_name_claim_name: family_name
# claim name for role of the user in UserInfo response
sso_oidc_provider_user_role_claim_name: role
# additional scopes in authorization request
# multiple scopes should be comma (,) separated
# openid,profile scopes are always requested
sso_oidc_client_additional_scopes:
## End of sso configuration
# ssl key store password of webgui hosts
server_ssl_key_store_password: changeme
server_ssl_key_alias: webgui
# local h2 db datasource properties
h2_db_password: changeme
h2_db_encryption_password: changeme
# allowed values: abs/pingaccess/axway
discovery_source: abs
# allowed values: auto/manual
discovery_mode: auto
# value is in minutes
discovery_mode_auto_polling_interval: 10
discovery_mode_auto_delete_non_discovered_apis: false
# valid only if discovery_source is set to pingaccess
pingaccess_url: https://127.0.0.1:9000/
pingaccess_username: Administrator
pingaccess_password:
# valid only if discovery_source is set to axway
axway_url: https://127.0.0.1:8075/
axway_username: apiadmin
axway_password:
dataengine:
ui:
# Install elasticsearch with xpack enabled
# If there is no authentication on pre-existing elasticsearch, set this to false
enable_xpack: true
server_port: 8040
# When install_elasticsearch is set to false in config/hosts, this url will be used
# Give the complete url with https/http and elasticsearch port number
# Make sure elasticsearch_url is accessible from ansible management host, dataengine, webgui nodes.
elasticsearch_url: https://search-giueibohzd6pfijfysjfsxucty.pingidentity.com:443
# Configuration distribution type of elasticsearch. Allowed values are default or aws
elasticsearch_distro_type: default
# User with permission set similar to "elastic" user
elastic_username: elastic
# Passwords for "elasticsearch","ping_user" and "ping_admin" users
# dataengine will be accessible for these accounts
# Please set strong passwords
# If enable_xpack is set to false, below passwords are ignored
elastic_password: changeme
# ssl key store password of webgui hosts
server_ssl_key_store_password: changeme
server_ssl_key_alias: dataengine
#Users ,passowrd and groupid for dataengine in kafka
consumer_user: pi4api_de_user
consumer_authentication_password: changeme
dataengine_groupid: pi4api.data-engine
#Elastic Search Purge Schedule
elasticsearch_purge_schedule: "0 23 * * * * "
elasticsearch_purge_days: "30"
syslog:
# Configuration for syslog
enable_syslog: false
host: localhost
port: 614
facility: LOCAL0
Changing settings in ilm.json
You can change the default settings of Index Lifecycle Management (ILM) policy by editing the /<pi-install-path>/pingidentity/pi-api-deployment/config/ilm.json file.
The ILM policy allows you to manage the lifecycle of the Elasticsearch indices. The following table lists the variables that you can set in the ilm.json file. For more information on ilm.json configuration, see Automatic rollover index.
| Variable | Description |
|---|---|
|
Defines the maximum size of the Elasticsearch rollover index. When the index size reaches the defined value, it rolls over. |
|
Defines the maximum age of the Elasticsearch rollover index configuration. The |
|
Defines the minimum age, after which the Elasticsearch rollover index enters into a different phase. Allowed units are |
|
Defines the sequence in which indices are reloaded back into memory when Elasticsearch restarts. Use a positive integer number to set the priority. |
|
Rollover index configuration takes effect only when |
The following is a sample ilm.json file.
{
"policy": {
"phases": {
"hot": {
"actions": {
"rollover": {
"max_size": "7GB",
"max_age": "7d"
},
"set_priority": {
"priority": 100
}
}
},
"warm": {
"min_age": "30d",
"actions": {
"set_priority": {
"priority": 50
}
}
},
"cold": {
"min_age": "90d",
"actions": {
"freeze": {},
"set_priority": {
"priority": 0
}
}
}
}
}
}