To configure PingAuthorize Server to use external PDP mode, use the administrative console or dsconfig to create a Policy External Server to represent the Policy Editor, then assign the Policy External Server to the Policy Decision Service and set the PDP mode.
You need the following values to configure PingAuthorizeServer to use external PDP mode:
- The shared secret, which is chosen or generated when you install the Policy Editor.
- The branch name, which corresponds to the policy branch you want to evaluate requests against in the Policy Editor.
- The decision node, which is the ID of a node in the policy tree that will be
considered first during policy processing. To find the decision node value:
- In the Policy Editor, go to Policies.
- Select the node that you want to use as the root node.
This is typically the top-level node of your policy tree.
- Click the hamburger menu and select Copy ID to clipboard.
Configuring external PDP mode using the administrative console
- In the PingAuthorize administrative console, go to .
- Click New External Server and select Policy External Server from the drop-down menu.
In the New Policy External Server window, specify the
- Base URL
- Shared Secret
- Decision Node
- Click Save.
- Go to .
- In the PDP Mode list, select external.
In the Policy Server list, select the name you gave to
the policy external server in step 3.
- Click Save To PingAuthorize Server Cluster.
Configuring external PDP mode using dsconfig
dsconfig create-external-server \ --server-name "Policy Editor" \ --type policy \ --set "base-url:https://<pap-hostname>:<pap-port>" \ --set "shared-secret:pingauthorize" \ --set "branch:Default Policies" \ --set "decision-node:<your decision node ID value>" dsconfig set-policy-decision-service-prop \ --set pdp-mode:external \ --set "policy-server:Policy Editor"