To configure PingAuthorize Server to use external PDP mode, use the administrative console or dsconfig to create a Policy External Server to represent the Policy Editor, then assign the Policy External Server to the Policy Decision Service and set the PDP mode.
Using the administrative console
- In the PingAuthorize administrative console, go to .
- Click New External Server and select Policy External Server.
- In the New Policy External Server window, specify the
  - Base URL
  - Shared Secret
  - Decision Node
- Click Save.
- Go to .
- Set PDP Mode to external.
- Set Policy Server to the name you gave to the policy external server in a previous step.
- Click Save To PingAuthorize Server Cluster.
Using dsconfig
```
dsconfig create-external-server \
  --server-name "Policy Editor" \
  --type policy \
  --set "base-url:https://<pap-hostname>:<pap-port>" \
  --set "shared-secret:pingauthorize" \
  --set "branch:Default Policies" \
  --set "decision-node:<your decision node ID value>"

dsconfig set-policy-decision-service-prop \
  --set pdp-mode:external \
  --set "policy-server:Policy Editor"
```
In the previous example, the shared-secret value corresponds to the shared secret chosen or generated while installing the Policy Editor. The branch is the name of a policy branch in the Policy Editor, and the decision-node value is the ID of a node in the policy tree that will be considered first during policy processing.
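A pre-flight wrapper around the two commands above, as an added example that is not part of the PingAuthorize documentation: it refuses to call dsconfig while a value is empty, still a `<placeholder>`, not https, or the sample secret. The function names and the `DSCONFIG` override variable are assumptions made for this example, and connection arguments are omitted as they are in the commands above.

```shell
#!/bin/sh
# Added example, not Ping Identity code. Function names and the DSCONFIG
# override variable are assumptions made for this example.

# Succeeds if VALUE is empty or still holds a <placeholder> copied from the docs.
unfilled() {
  case "$1" in
    ""|*"<"*">"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Records one problem; the secret itself is never printed.
flag() { echo "problem: $1"; problems=$((problems + 1)); }

# check_pdp_settings BASE_URL SHARED_SECRET BRANCH DECISION_NODE
# Returns the number of problems found (0 means the values look usable).
check_pdp_settings() {
  problems=0
  if unfilled "$1"; then flag "base-url is empty or an unfilled placeholder"; fi
  if unfilled "$2"; then flag "shared-secret is empty or an unfilled placeholder"; fi
  if unfilled "$3"; then flag "branch is empty or an unfilled placeholder"; fi
  if unfilled "$4"; then flag "decision-node is empty or an unfilled placeholder"; fi
  case "$1" in
    https://*) ;;
    *) flag "base-url does not start with https://" ;;
  esac
  # "pingauthorize" is the sample in the page's command; the real value is the
  # secret chosen or generated while installing the Policy Editor.
  if [ "$2" = "pingauthorize" ]; then
    flag "shared-secret is the documentation sample value"
  fi
  return "$problems"
}

# Runs the page's two dsconfig commands only when every check passes.
configure_external_pdp() {
  check_pdp_settings "$@" >&2 || return 1
  "${DSCONFIG:-dsconfig}" create-external-server \
    --server-name "Policy Editor" --type policy \
    --set "base-url:$1" --set "shared-secret:$2" \
    --set "branch:$3" --set "decision-node:$4" &&
  "${DSCONFIG:-dsconfig}" set-policy-decision-service-prop \
    --set pdp-mode:external --set "policy-server:Policy Editor"
}
```

Call it as `configure_external_pdp BASE_URL SHARED_SECRET BRANCH DECISION_NODE`; problems are written to stderr and nothing is sent to the server unless all checks pass.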
To find a decision node:
- In the Policy Editor, go to Policies.
- Select the node that you want to use as the root node.
  This is typically the top-level node of your policy tree.
- Click the hamburger menu and select Copy ID to clipboard.