After developing and testing policies in external policy decision point (PDP) mode, you can configure PingAuthorize Server for embedded PDP mode for higher environments.
You should use embedded PDP mode for production environments because it is considerably more performant for authorization decisions. This performance boost happens because in embedded PDP mode, PingAuthorize Server doesn't need to call out to the Policy Editor.
When configured to use embedded PDP mode, a policy file called a deployment package is used in PingAuthorize Server’s internal policy engine, which then handles all policy requests. The deployment package can be loaded into the server in two ways:
- The deployment package is exported from the Policy Editor and loaded into the internal policy engine by an administrator.
- The deployment package is deployed to a deployment package store, which is read by the internal policy engine for updates at a configurable interval.
  Note: If you still anticipate some policy changes in production, consider using this method instead of the exported deployment package method.
Configuring embedded PDP mode
See the following tabs to configure PingAuthorize Server to use embedded PDP mode and assign to the Policy Decision Service either:
- A deployment package store using the Deployment Manager functionality
- An exported deployment package
Configuring embedded PDP mode with a deployment package store
Follow these steps to assign a deployment package store to the Policy Decision Service and set the policy decision point (PDP) mode to embedded.
For more information on the deployment package store option and the requirements for the Deployment Manager feature, see Using the Deployment Manager.
- Use dsconfig or the administrative console:
  - Run dsconfig with the set-policy-decision-service-prop option.
        dsconfig set-policy-decision-service-prop \
          --set pdp-mode:embedded \
          --set deployment-package-source-type:store \
          --set deployment-package-store:<name of the store>
  - Use the administrative console.
    - In the administrative console, go to .
    - On the Edit Policy Decision Service page, complete the General Configuration fields.
    - In the Deployment Package Store Configuration section, in the Deployment Package Store field, select your deployment package store.
    - In the Policy Request Configuration section, select a Trust Framework Version.
    - Click Save To PingAuthorize Server Cluster.
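As an added example (not part of the PingAuthorize documentation or tooling), the following shell check can gate a file of dsconfig commands before it is applied to a production server: it fails unless the Policy Decision Service is set to embedded mode and, for the store source type, a store is actually named rather than left as the placeholder. The function names, the file layout and the store name prod-store are assumptions.

```shell
# Added example, not vendor code. Property names are the ones used on this
# page; the file layout is assumed. Values containing spaces are not handled.

# pds_prop FILE NAME: print NAME's value from the "--set NAME:value" pairs of
# the set-policy-decision-service-prop command (last occurrence wins).
pds_prop() {
    awk -v want="$2" '
        { buf = buf $0 }
        buf ~ /\\$/ { sub(/\\$/, " ", buf); next }   # join continued lines
        {
            if (buf ~ /set-policy-decision-service-prop/) {
                n = split(buf, tok, /[ \t]+/)
                for (i = 1; i < n; i++)
                    if (tok[i] == "--set" && index(tok[i + 1], want ":") == 1)
                        val = substr(tok[i + 1], length(want) + 2)
            }
            buf = ""
        }
        END { print val }' "$1"
}

# check_pdp_config FILE: return 0 only if the file selects embedded mode and,
# when the source type is "store", names a store rather than a placeholder.
check_pdp_config() {
    mode=$(pds_prop "$1" pdp-mode)
    src=$(pds_prop "$1" deployment-package-source-type)
    store=$(pds_prop "$1" deployment-package-store)
    rc=0
    if [ "$mode" != "embedded" ]; then
        echo "FAIL: pdp-mode is '${mode:-unset}', expected 'embedded'" >&2
        rc=1
    fi
    if [ "$src" = "store" ]; then
        case "$store" in
            "" | "<"*)
                echo "FAIL: source type 'store' needs a named deployment-package-store" >&2
                rc=1 ;;
        esac
    fi
    return "$rc"
}

# Constructed sample input; "prod-store" is a made-up store name.
sample=$(mktemp)
printf '%s\n' 'dsconfig set-policy-decision-service-prop \' \
    '  --set pdp-mode:embedded \' \
    '  --set deployment-package-source-type:store \' \
    '  --set deployment-package-store:prod-store' > "$sample"
check_pdp_config "$sample" && echo "OK: $sample"
```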
Configuring embedded PDP mode with an exported deployment package
To assign an exported deployment package to the Policy Decision Service and set the PDP mode: