Changing settings in dashboard-defaults.yml
You can change the default settings of PingIntelligence Dashboard by editing the /<pi-install-path>/pingidentity/pi-api-deployment/config/dashboard-defaults.yml
file.
The following table lists the variables that you can set for PingIntelligence Dashboard in various configurations.
Variable | Description | ||
---|---|---|---|
|
Port number to connect to PingIntelligence Dashboard. |
||
|
Defines the mode in which Dashboard authenticates. The valid values are
|
||
|
Defines the maximum time for a session. The configured values should be in the form of <number><duration_suffix>. Duration should be > 0. Allowed |
||
|
Defines the maximum number of active UI sessions at any given time. The value should be greater than 1. |
||
|
The passwords for webgui
|
||
Single sign-on (SSO) configurations - Applicable only when |
|||
|
Client ID value in configured in the identity provider. |
||
|
Client secret configured for the corresponding Client ID. |
||
|
OpenID Connect (OIDC) client authentication mode. The valid values are |
||
|
HTTPS IP address of OIDC provider. Also, place the SSO provider’s issuer-certificate in the following path: |
||
|
Claim name for unique ID of the user in UserInfo response. A new user is provisioned using this unique ID value. |
||
|
Claim name for first name of the user in UserInfo response. Either first name or last name can be empty, but both should not be empty. |
||
|
Claim name for last name of the user in UserInfo response. Either first name or last name can be empty, but both should not be empty. |
||
|
Claim name for role of the user in UserInfo response. The default value is |
||
|
Additional scopes in authorization request. Multiple scopes should be comma (,) separated values. OpenID profile scopes are always requested. |
||
End-of-SSO configurations |
|||
SSL configuration for PingIntelligence Dashboard
|
Configure the passwords for key store and key alias. |
||
H2 database configuration:
|
Password for H2 database and password for encryption |
||
Discovery configuration - The following variables configure discovery settings for Dashboard:
Discovery source - Defines the details of discovery source for PingAccess or Axway API gateway. PingAccess:
Axway
|
Configure PingAccess or Axway URL, username and password if the discovery source is |
||
|
Configures whether the deployment package installs Xpack. The default value is |
||
|
If you have set |
||
|
Configure the distribution type of Elasticsearch. Allowed values are
|
||
|
If you want to use an already available Elasticsearch username, configure it in |
||
|
Elasticsearch password. The default value is
|
||
|
The schedule for Elasticsearch purge to run. |
||
|
The number of days for Elasticsearch purge. |
||
|
Consumer user in Kafka. Default: |
||
|
Consumer user password. Default: |
||
|
Group in Kafka for data engine consumer. Default: |
||
|
Password for the default user name |
||
|
Password for the admin. |
||
Syslog configuration:
|
Configure Setting Provide the host and port number of the |
Make a backup of the |
The following is a sample dashboard-defaults.yml
file.
--- webgui: # Define ports for PingIntelligence WebGUI # Make sure ports are not same for single server installation port: 8030 # allowed values: native, sso. # In native mode, webgui users are self managed and stored in webgui. # In sso mode, webgui users are managed and stored in an Identity provider. authentication_mode: native # Maximum duration of a session. # Value should be in the form of <number><duration_suffix> # Duration should be > 0. # Allowed duration_suffix values: m for minutes, h for hours, d for days. session_max_age: 6h # Number of active UI sessions at any time. # Value should be greater than 1. max_active_sessions: 50 admin_password and ping_user_password are applicable in native authentication_mode only. # webgui "admin" account password admin_password: changeme # webgui "ping_user" account password ping_user_password: changeme Below sso configuration properties are applicable in sso authentication_mode only. # Client ID value in Identity provider. sso_oidc_client_id: pingintelligence # Client Secret of the above Client ID. sso_oidc_client_secret: changeme # OIDC Client authentication mode. # Valid values: BASIC, POST, or NONE sso_oidc_client_authentication_method: BASIC # OIDC Provider uri # WebGUI queries <issuer-uri>/.well-known/openid-configuration to get OIDC provider metadata # issuer ssl certificate is not trusted by default. So import issuer ssl certificate into config/webgui.jks # issuer should be reachable from both back-end and front-end sso_oidc_provider_issuer_uri: https://127.0.0.1:9031 # Place the sso provider issuer-certificate in the following path => <installation_path>/pingidentity/certs/webgui/ # Name of the file should be => webgui-sso-oidc-provider.crt # claim name for unique id of the user in UserInfo response # a new user is provisioned using this unique id value sso_oidc_provider_user_uniqueid_claim_name: sub # claim name for first name of the user in UserInfo response # either first name or last name can be empty, but both should not be empty sso_oidc_provider_user_first_name_claim_name: given_name # claim name for last name of the user in UserInfo response # either first name or last name can be empty, but both should not be empty sso_oidc_provider_user_last_name_claim_name: family_name # claim name for role of the user in UserInfo response sso_oidc_provider_user_role_claim_name: role # additional scopes in authorization request # multiple scopes should be comma (,) separated # openid,profile scopes are always requested sso_oidc_client_additional_scopes: ## End of sso configuration # ssl key store password of webgui hosts server_ssl_key_store_password: changeme server_ssl_key_alias: webgui # local h2 db datasource properties h2_db_password: changeme h2_db_encryption_password: changeme # allowed values: abs/pingaccess/axway discovery_source: abs # allowed values: auto/manual discovery_mode: auto # value is in minutes discovery_mode_auto_polling_interval: 10 discovery_mode_auto_delete_non_discovered_apis: false # valid only if discovery_source is set to pingaccess pingaccess_url: https://127.0.0.1:9000/ pingaccess_username: Administrator pingaccess_password: # valid only if discovery_source is set to axway axway_url: https://127.0.0.1:8075/ axway_username: apiadmin axway_password: dataengine: ui: # Install elasticsearch with xpack enabled # If there is no authentication on pre-existing elasticsearch, set this to false enable_xpack: true server_port: 8040 # When install_elasticsearch is set to false in config/hosts, this url will be used # Give the complete url with https/http and elasticsearch port number # Make sure elasticsearch_url is accessible from ansible management host, dataengine, webgui nodes. elasticsearch_url: https://search-giueibohzd6pfijfysjfsxucty.pingidentity.com:443 # Configuration distribution type of elasticsearch. Allowed values are default or aws elasticsearch_distro_type: default # User with permission set similar to "elastic" user elastic_username: elastic # Passwords for "elasticsearch","ping_user" and "ping_admin" users # dataengine will be accessible for these accounts # Please set strong passwords # If enable_xpack is set to false, below passwords are ignored elastic_password: changeme # ssl key store password of webgui hosts server_ssl_key_store_password: changeme server_ssl_key_alias: dataengine #Users ,passowrd and groupid for dataengine in kafka consumer_user: pi4api_de_user consumer_authentication_password: changeme dataengine_groupid: pi4api.data-engine #Elastic Search Purge Schedule elasticsearch_purge_schedule: "0 23 * * * * " elasticsearch_purge_days: "30" syslog: # Configuration for syslog enable_syslog: false host: localhost port: 614 facility: LOCAL0