Page created: 9 Feb 2021 |
Page updated: 4 Aug 2021
To configure PingAuthorize Server to use external PDP mode, use dsconfig or the Administrative Console to create a Policy External Server to represent the Policy Editor, then assign the Policy External Server to the Policy Decision Service and set the PDP mode.
dsconfig create-external-server \ --server-name "Policy Editor" \ --type policy \ --set "base-url:https://<pap-hostname>:<pap-port>" \ --set "shared-secret:pingauthorize" \ --set "branch:Default Policies" \ dsconfig set-policy-decision-service-prop \ --set pdp-mode:external \ --set "policy-server:Policy Editor"
In this example, the shared-secret value corresponds to the decision point shared secret value chosen or generated while installing the Policy Editor. The branch is the name of a policy branch in the Policy Editor, and the decision-node value is the ID of a node in the policy tree that will be considered first during policy processing.
To find a decision node:
- In the Policy Editor, go to Policies.
- Select the node that you want to use as the root node.
This is typically the top-level node of your policy tree.
- Click the three-line icon and select Copy ID to clipboard.