Page created: 26 Jul 2021 | Page updated: 12 Jun 2022
To configure PingAuthorize Server to use external PDP mode, use the administrative console or dsconfig to create a Policy External Server to represent the Policy Editor, then assign the Policy External Server to the Policy Decision Service and set the PDP mode.
Using the administrative console
- In the PingAuthorize administrative console, go to .
- Click New External Server and select Policy External Server.
- In the New Policy External Server window, specify the following information:
  - Name
  - Base URL
  - Shared Secret
  - Decision Node
  - Branch
- Click Save.
- Go to .
- Set PDP Mode to external.
- Set Policy Server to the name you gave to the policy external server in a previous step.
- Click Save To PingAuthorize Server Cluster.
Using dsconfig
```
dsconfig create-external-server \
  --server-name "Policy Editor" \
  --type policy \
  --set "base-url:https://<pap-hostname>:<pap-port>" \
  --set "shared-secret:pingauthorize" \
  --set "branch:Default Policies" \
  --set "decision-node:<your decision node ID value>"

dsconfig set-policy-decision-service-prop \
  --set pdp-mode:external \
  --set "policy-server:Policy Editor"
```
In the previous example, the shared-secret value corresponds to the shared secret chosen or generated while installing the Policy Editor. The branch is the name of a policy branch in the Policy Editor, and the decision-node value is the ID of a node in the policy tree that will be considered first during policy processing.
To find a decision node:
- In the Policy Editor, go to Policies.
- Select the node that you want to use as the root node. This is typically the top-level node of your policy tree.
- Click the hamburger menu and select Copy ID to clipboard.
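
A pre-flight check for the values passed to the dsconfig commands in "Using dsconfig", added here as an example and not part of the PingAuthorize documentation or tooling: it refuses unreplaced placeholders, a non-HTTPS base URL and the sample shared secret, then prints the two commands in dsconfig batch-file form. The function names and the 16-character minimum for the secret are assumptions of this example.

```shell
# Added example (not Ping Identity code): vet the values before dsconfig sees them.
# check_pdp_settings BASE_URL SHARED_SECRET BRANCH DECISION_NODE
# Reports each problem on stderr; returns 0 only when none was found.
check_pdp_settings() {
    base_url=$1 secret=$2 branch=$3 node=$4
    problems=0
    complain() { echo "pdp-config: $1" >&2; problems=$((problems + 1)); }

    # Reject documentation placeholders such as <pap-hostname> left in place.
    for value in "$base_url" "$branch" "$node"; do
        case $value in
            ''|*'<'*|*'>'*) complain "empty or placeholder value: '$value'" ;;
        esac
    done
    # A double quote would break the quoting used in the batch lines below.
    case "$base_url$secret$branch$node" in
        *'"'*) complain "values must not contain a double quote" ;;
    esac
    # A shared secret is configured for this connection, so refuse plain HTTP.
    case $base_url in
        https://*) ;;
        *) complain "base-url must use https://" ;;
    esac
    # The sample secret from the documentation must not reach a real deployment.
    # The 16-character floor is this example's assumption, not a product rule.
    if [ "$secret" = "pingauthorize" ] || [ "${#secret}" -lt 16 ]; then
        complain "shared-secret is the documented sample value or too short"
    fi
    [ "$problems" -eq 0 ]
}

# render_pdp_batch: same arguments; prints the two commands in dsconfig
# batch-file form (one subcommand per line, without the leading "dsconfig").
render_pdp_batch() {
    check_pdp_settings "$@" || return 1
    printf 'create-external-server --server-name "Policy Editor" --type policy'
    printf ' --set "base-url:%s" --set "shared-secret:%s"' "$1" "$2"
    printf ' --set "branch:%s" --set "decision-node:%s"\n' "$3" "$4"
    printf 'set-policy-decision-service-prop --set pdp-mode:external'
    printf ' --set "policy-server:Policy Editor"\n'
}
```

Redirect the output of `render_pdp_batch` to a file readable only by the administrator and apply it with `dsconfig --no-prompt --batch-file <file>`, which keeps the shared secret out of shell history.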