After you successfully set up the PingAuthorize Policy Editor, you must start the server and then configure PingAuthorize Server to use the Policy Editor as its policy decision point (PDP).
The containers must be on the same Docker network to communicate properly.
Sign on to the Policy Editor. For more information, see Signing on to the PingAuthorize Policy Editor and import a policy snapshot. You can find a set of default policies in the resource/policies/defaultPolicies.SNAPSHOT file.
To configure PingAuthorize Server to use the Policy Editor, use dsconfig or the Administrative Console to create a Policy External Server to represent the Policy Editor, then assign the Policy External Server to the Policy Decision Service and configure it to use external PDP mode. Also, set the Trust Framework Version to the current version, v2.
Consider the following example. Assume a container named pingauthorize and that no files are needed from the file system. The following commands run dsconfig from within the container.
docker exec pingauthorize /opt/out/instance/bin/dsconfig create-external-server \ --server-name "Policy Editor" \ --type policy \ --set "base-url:https://<pap-hostname>:<pap-port>" \ --set "shared-secret:2FederateM0re" \ --set "branch:Default Policies" docker exec pingauthorize /opt/out/instance/bin/dsconfig set-policy-decision-service-prop \ --set pdp-mode:external \ --set "policy-server:Policy Editor" \ --set trust-framework-version:v2
In the example, the base URL consists of the host name and port chosen for the Policy Editor during setup. The shared secret value is
2FederateM0re by default. The branch name corresponds to the
branch name that you chose when importing your policy snapshot.