Configuring external PDP mode - PingAuthorize - 9.1

PingAuthorize
bundle
pingauthorize-91
ft:publication_title
PingAuthorize
Product_Version_ce
PingAuthorize 9.1
category
ContentType
Product
Productdocumentation
paz-91
pingauthorize
ContentType_ce
Product documentation
Page created: 17 Feb 2022 |
Page updated: 29 Jul 2022
| 1 min read

Product PingAuthorize 9.1 Content Type Product documentation Administration User task

To configure PingAuthorize Server to use external PDP mode, use the administrative console or dsconfig to create a Policy External Server to represent the Policy Editor, then assign the Policy External Server to the Policy Decision Service and set the PDP mode.

You need the following values to configure PingAuthorizeServer to use external PDP mode:

  • The shared secret, which is chosen or generated when you install the Policy Editor.
  • The branch name, which corresponds to the policy branch you want to evaluate requests against in the Policy Editor.
  • The decision node, which is the ID of a node in the policy tree that will be considered first during policy processing. To find the decision node value:
    1. In the Policy Editor, go to Policies.
    2. Select the node that you want to use as the root node.

      This is typically the top-level node of your policy tree.

    3. Click the hamburger menu and select Copy ID to clipboard.
      Screen capture of the Polices tab showing the Copy ID to clipboard option.

Configuring external PDP mode using the administrative console

Page created: 12 Jun 2022 |
Page updated: 29 Jul 2022
| 1 min read

Product PingAuthorize 9.1 Content Type Product documentation Administration User task

  1. In the PingAuthorize administrative console, go to Configuration > Data Sources > External Servers.
  2. Click New External Server and select Policy External Server from the drop-down menu.
  3. In the New Policy External Server window, specify the following information:
    • Name
    • Base URL
    • Shared Secret
    • Decision Node
    • Branch

    Screen capture of the New Policy External Server window with the required fields specified by the text circled in red.
  4. Click Save.
  5. Go to Authorization and Policies > Policy Decision Service.
  6. In the PDP Mode list, select external.
  7. In the Policy Server list, select the name you gave to the policy external server in step 3.

    Screen capture of the Edit Policy Decision Service window with the PDP Mode and Policy Server lists
  8. Click Save To PingAuthorize Server Cluster.

Configuring external PDP mode using dsconfig

Page created: 12 Jun 2022 |
Page updated: 29 Jul 2022
| 1 min read

Product PingAuthorize 9.1 Content Type Product documentation Administration User task

  • Use the dsconfig commands in the following code block to configure external PDP mode: 
    dsconfig create-external-server \
  --server-name "Policy Editor" \
  --type policy \
  --set "base-url:https://<pap-hostname>:<pap-port>" \
  --set "shared-secret:pingauthorize" \
  --set "branch:Default Policies" \
  --set "decision-node:<your decision node ID value>"

dsconfig set-policy-decision-service-prop \
  --set pdp-mode:external \
  --set "policy-server:Policy Editor"