Example: Configure external PDP mode - PingAuthorize

Example: Configure external PDP mode - PingAuthorize - 8.3

PingAuthorize

bundle

pingauthorize-83

ft:publication_title

PingAuthorize

Product_Version_ce

PingAuthorize 8.3

category

Product

paz-83

pingauthorize

ContentType_ce

Page created: 9 Feb 2021 |

Page updated: 4 Aug 2021

| 1 min read

PingAuthorize 8.3 Product Administration User task Product documentation Content Type

To configure PingAuthorize Server to use external PDP mode, use dsconfig or the Administrative Console to create a Policy External Server to represent the Policy Editor, then assign the Policy External Server to the Policy Decision Service and set the PDP mode.

dsconfig create-external-server \
  --server-name "Policy Editor" \
  --type policy \
  --set "base-url:https://<pap-hostname>:<pap-port>" \
  --set "shared-secret:pingauthorize" \
  --set "branch:Default Policies" \

dsconfig set-policy-decision-service-prop \
  --set pdp-mode:external \
  --set "policy-server:Policy Editor"

In this example, the shared-secret value corresponds to the decision point shared secret value chosen or generated while installing the Policy Editor. The branch is the name of a policy branch in the Policy Editor, and the decision-node value is the ID of a node in the policy tree that will be considered first during policy processing.

To find a decision node:

In the Policy Editor, go to Policies.
Select the node that you want to use as the root node.
This is typically the top-level node of your policy tree.
Click the three-line icon and select Copy ID to clipboard.

Screen capture of the Polices tab showing the Copy ID to clipboard option.