Specifying custom configuration with an options file - PingAuthorize

Page created: 26 Jul 2021 |

Page updated: 17 Feb 2022

| 2 min read

Content Type Product documentation 9.0 PingAuthorize Product Installation User task

You can configure the Policy Editor by editing and implementing the options file.

You must run setup in non-interactive command-line mode instead of interactive mode if you need to do any of the following:

Configure the Policy Editor with a policy configuration key. A policy configuration key is an arbitrary key/value pair that can be referenced by name in the policy Trust Framework. This allows the policy trust store to be defined without hard-coding environment-specific data such as host names and credentials in the trust store.
Configure a key store for a policy information provider. This defines a client certificate that the policy engine can use for MTLS connections to a policy information provider.
Configure a trust store for a policy information provider. This defines the set of certificates or root certificates that the policy engine uses to determine whether it trusts the server certificate presented by a policy information provider.
Customize the Policy Editor’s logging behavior.
Configure private JSON Web Token (JWT) claims. This allows an organization to convey specific claims about an identity.

Make a copy of the default options file provided at config/options.yml and then customize the copy to suit your needs.

The setup tool supports configuring these options through the use of a YAML options file

Note:
When you customize your options file, do not remove or alter the logging section. For guidance about customizing logging behavior, contact Ping Identity Support.

Configure the Policy Editor with an options file.

Stop the Policy Editor.
```
$ bin/stop-server
```
Run setup normally.

Provide the options file using the --optionsFile argument.

For example, the following setup command configures a Policy Editor in demo mode using an options file named my-options.yml.

$ bin/setup demo \
  --adminUsername admin \
  --generateSelfSignedCertificate \
  --decisionPointSharedSecret pingauthorize \
  --hostname <pap-hostname> \
  --port <pap-port> \
  --adminPort <admin-port> \
  --licenseKeyFile <path-to-license> \
  --optionsFile my-options.yml

Start the Policy Editor.
```
$ bin/start-server
```