Connecting to a remote process - PingAccess - 7.2


Use the remote process option to establish a connection when the PingAccess Server is running as a Windows Service, or if the com.pingidentity.pa.cli.Starter class is unavailable in the Local Process list.

Use these instructions to configure the remote process option to establish a connection. For demonstration purposes, the following task uses an LDAP (Lightweight Directory Access Protocol) configuration.
Note:

No direct configuration support is provided for enabling remote Java Management Extensions (JMX) access for PingAccess Server. To enable this level of access, use the built-in options that are available through the Java Virtual Machine (JVM). For more information, see Monitoring and Management Using JMX Technology in the Oracle Java Development Kit (JDK) documentation.

  1. In the jvm-memory.options file for PingAccess Server, add the following text at the end of the last memory settings.
    #Settings to enable remote access to JMX
    -Dcom.sun.management.jmxremote.port=5000
    -Dcom.sun.management.jmxremote.login.config=ExampleCompanyConfig
    #Configuration is assumed to be in the conf folder, relative path used
    -Djava.security.auth.login.config=conf/ldap.config
    -Dcom.sun.management.jmxremote.ssl=false
    Note:

    Each entry must reside on its own line. In this example, a relative path is used for the ldap.config file. Some deployments might require a full path.

    Tip:

    In a production environment, use SSL. This example sets com.sun.management.jmxremote.ssl=false only for initial testing and debugging. For information about setting up SSL, see Monitoring and Management Using JMX Technology in the Oracle JDK documentation.

  2. Create the ldap.config file.
    ExampleCompanyConfig {
        com.sun.security.auth.module.LdapLoginModule REQUIRED
        userProvider="ldaps://ldap.server:port/OU=where,OU=users,OU=located"
        userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
        authIdentity="uid={USERNAME},OU=where,OU=users,OU=located"
        authzIdentity=monitorRole
        useSSL=true;
    };
    Note:

    Each entry must reside on its own line. In this example, ldap.config is placed in the PingAccess conf folder. If your JVM setup trusts the certificates, you can use SSL. Because of the authIdentity option, the configuration binds as the user that you enter. Otherwise, an anonymous bind validates the user name but not the password.

  3. Place the file that you created in step 2 in a location from which the PingAccess process can read it at startup.
  4. In a clustered PingAccess environment:
    1. Make the changes outlined in steps 1 - 3 to each node in the cluster.
    2. Restart each node.
  5. After you enable the JMX service, connect to the remote JMX service by specifying one of the following:
    • The name of the PingAccess Server instance
    • The IP address, port, and authentication credentials.
    A screen capture of the JConsole: New Connection window for connecting through a remote process.
    Note:

    Because JMX uses SSL by default when communicating with a remote host, the client host must trust the SSL certificate that is presented during setup for JMX. If the JMX client does not trust the JMX certificate, the following message is displayed.

    A screen capture of the failed connection error message.
    1. If SSL is enabled: Import the JMX SSL certificate to the client’s trusted certificates.
    2. If SSL is disabled: Click Insecure to connect.
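
The following added example (not part of the PingAccess documentation) is a Python check that reads the step 1 options and the step 2 JAAS entry and reports the conditions the notes above warn about: a stray quote or two options on one line, `jmxremote.ssl=false`, a login entry that is missing from the JAAS file, a provider that is not `ldaps://`, and a missing `authIdentity`. The function names and the sample strings are constructed for illustration.

```python
import re

JMX = "com.sun.management.jmxremote."
# Constructed samples: the step 1 options and the step 2 JAAS file from this page.
OPTIONS = """\
-Dcom.sun.management.jmxremote.port=5000
-Dcom.sun.management.jmxremote.login.config=ExampleCompanyConfig
-Djava.security.auth.login.config=conf/ldap.config
-Dcom.sun.management.jmxremote.ssl=false
"""
JAAS = """\
ExampleCompanyConfig {
    com.sun.security.auth.module.LdapLoginModule REQUIRED
    userProvider="ldaps://ldap.server:port/OU=where,OU=users,OU=located"
    userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
    authIdentity="uid={USERNAME},OU=where,OU=users,OU=located"
    authzIdentity=monitorRole
    useSSL=true;
};
"""

def parse_options(text):
    """Return ({property: value}, [malformed -D lines])."""
    props, bad = {}, []
    for line in (l.strip() for l in text.splitlines() if l.strip().startswith("-D")):
        m = re.fullmatch(r"-D([\w.]+)=(\S+)", line)
        if m is None or line.count('"') % 2:
            bad.append(line)  # two options on one line, or a stray quote
        else:
            props[m.group(1)] = m.group(2)
    return props, bad

def audit(options_text, jaas_text):
    """Return findings for the JMX options and the JAAS entry they name."""
    props, bad = parse_options(options_text)
    findings = ["malformed entry: " + line for line in bad]
    if props.get(JMX + "ssl", "true").lower() == "false":  # the JVM default is true
        findings.append("jmxremote.ssl=false: JMX logins and data cross the network unencrypted")
    entry = props.get(JMX + "login.config")
    if entry is None:
        return findings
    body = re.search(re.escape(entry) + r"\s*\{(.*?)\}\s*;", jaas_text, re.S)
    if body is None:
        return findings + ["JAAS entry %r not found in the login configuration" % entry]
    if 'userProvider="ldaps://' not in body.group(1):
        findings.append("userProvider does not use ldaps://")
    if "authIdentity=" not in body.group(1):
        findings.append("authIdentity missing: the user name is validated but not the password")
    return findings
```

Run against the files as shown in steps 1 and 2, `audit(OPTIONS, JAAS)` reports only the `jmxremote.ssl=false` finding, which is the setting the Tip says to change before production.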