Installing the PingAuthorize Policy Editor noninteractively - PingAuthorize

Installing the PingAuthorize Policy Editor noninteractively - PingAuthorize - 8.3

PingAuthorize

bundle

pingauthorize-83

ft:publication_title

PingAuthorize

Product_Version_ce

PingAuthorize 8.3

category

Product

paz-83

pingauthorize

ContentType_ce

Page created: 9 Feb 2021 |

Page updated: 14 Dec 2021

| 3 min read

PingAuthorize 8.3 Product Installation User task Product documentation Content Type

For an automated installation, run the PingAuthorize Policy Editor’s setup command in noninteractive, command-line mode.

Note:

You must run setup in noninteractive, command-line mode instead of interactive mode if you need to do any of the following:

Configure the Policy Editor with a policy configuration key.
Configure a key store for a policy information provider.
Configure a trust store for a policy information provider.
Customize the Policy Editor’s logging behavior.

For more information, see Specifying custom configuration with an options file.

Before you run setup, you must choose one of the two following authentication modes for the PingAuthorize Policy Editor:
- Demo mode
  
  Configures the PingAuthorize Policy Editor to use form-based authentication with a fixed set of credentials. Unlike OIDC mode, this mode does not require an external authentication server. However, it is inherently insecure and is recommended only for demonstration purposes.
- OpenID Connect (OIDC) mode
  
  Configures the PingAuthorize Policy Editor to delegate authentication and sign-on services to an OpenID Connect provider, such as PingFederate.
Optional: If you choose OIDC mode, be prepared to provide the host name and port of an OpenID Connect provider or its base URL.
Note:
If the OIDC provider presents a certificate that is not trusted by the Policy Editor's JRE, do one of the following:
- Add the certificate to the JRE trust store. For details, see Configuring PingAuthorize to use PingFederate for authorization.
- Disable certificate validation by starting the Policy Editor with the PING_OIDC_TLS_VALIDATION=NONE environment variable.
Optional: If you do not use the setup tool to generate a self-signed certificate, you must also provide the following:
- Information related to the PingAuthorize Policy Editor’s connection security, including the location of a keystore that contains the server certificate and the nickname of that server certificate.
Note:
The setup tool’s --help option displays the options available for a noninteractive installation.
Run the correct command based on your needs:
Note:
If you do not want to use the default database credentials, see Setting database credentials at initial setup.
- To see the general options for running setup:
```
$ bin/setup --help
```
- To see the options for running setup in demo mode:
```
$ bin/setup demo --help
```
- To see the options for running setup in OIDC mode:
```
$ bin/setup oidc --help
```
Copy and record any generated values needed to configure external servers.

The Shared Secret is used in PingAuthorize, under External Servers > Policy External Server > Shared Secret.
To start the Policy Editor, or policy administration point (PAP), run bin/start-server.

The Policy Editor runs in the background, so you can close the terminal window in which it was started without interrupting it.
After you complete setup, see Post-setup steps (manual installation).
Consider additional configuration options in Specifying custom configuration with an options file.