To configure PingAuthorize Server to use external PDP mode, use the administrative console or dsconfig to create a Policy External Server to represent the Policy Editor, then assign the Policy External Server to the Policy Decision Service and set the PDP mode.
You need the following values to configure PingAuthorizeServer to use external PDP mode:
- The shared secret, which is chosen or generated when you install the Policy Editor.
- The branch name, which corresponds to the policy branch you want to evaluate requests against in the Policy Editor.
- The decision node, which is the ID of a node in the policy tree that will be
considered first during policy processing. To find the decision node value:
- In the Policy Editor, go to Policies.
- Select the node that you want to use as the root node.
This is typically the top-level node of your policy tree.
- Click the hamburger menu and select Copy ID to
clipboard.
Configuring external PDP mode using the administrative console
-
In the New Policy External Server window, specify the
following information:
- Name
- Base URL
- Shared Secret
- Decision Node
- Branch
-
In the Policy Server list, select the name you gave to
the policy external server in step 3.
Configuring external PDP mode using dsconfig
Use the dsconfig commands in the following code block to configure
external PDP mode:
dsconfig create-external-server \
--server-name "Policy Editor" \
--type policy \
--set "base-url:https://<pap-hostname>:<pap-port>" \
--set "shared-secret:pingauthorize" \
--set "branch:Default Policies" \
--set "decision-node:<your decision node ID value>"
dsconfig set-policy-decision-service-prop \
--set pdp-mode:external \
--set "policy-server:Policy Editor"