For an automated installation, run the PingAuthorize Policy Editor’s setup command in noninteractive, command-line mode.
You must run setup in noninteractive, command-line mode instead of interactive mode if you need to do any of the following:
- Configure the Policy Editor with a policy configuration key.
- Configure a key store for a policy information provider.
- Configure a trust store for a policy information provider.
- Customize the Policy Editor’s logging behavior.
For more information, see Specifying custom configuration with an options file.
Before you run setup, you must choose one of the two
following authentication modes for the PingAuthorize Policy Editor:
Configures the PingAuthorize Policy Editor to use form-based authentication with a fixed set of credentials. Unlike OIDC mode, this mode does not require an external authentication server. However, it is inherently insecure and is recommended only for demonstration purposes.
OpenID Connect (OIDC) mode
Configures the PingAuthorize Policy Editor to delegate authentication and sign-on services to an OpenID Connect provider, such as PingFederate.
If you choose OIDC mode, be prepared to provide the host name and port of an
OpenID Connect provider or its base URL.
If the OIDC provider presents a certificate that is not trusted by the Policy Editor's JRE, do one of the following:
- Add the certificate to the JRE trust store. For details, see Configuring PingAuthorize to use PingFederate for authorization.
- Disable certificate validation by starting the Policy Editor with the PING_OIDC_TLS_VALIDATION=NONE environment variable.
If you do not use the setup tool to generate a self-signed
certificate, you must also provide the following:
Information related to the PingAuthorize Policy Editor’s connection security, including the location of a keystore that contains the server certificate and the nickname of that server certificate.
The setup tool’s
--helpoption displays the options available for a noninteractive installation.
Run the correct command based on your needs:
If you do not want to use the default database credentials, see Setting database credentials at initial setup.
- To see the general options for running
$ bin/setup --help
- To see the options for running setup in demo
$ bin/setup demo --help
- To see the options for running setup in OIDC
$ bin/setup oidc --help
- To see the general options for running setup:
Copy and record any generated values needed to configure external
The Shared Secret is used in PingAuthorize, under .
To start the Policy Editor, or policy administration point
The Policy Editor runs in the background, so you can close the terminal window in which it was started without interrupting it.
- After you complete setup, see Post-setup steps (manual installation).
- Consider additional configuration options in Specifying custom configuration with an options file.