Installing the server manually - PingAuthorize - 9.3

PingAuthorize 9.3

bundle
pingauthorize-93
ft:publication_title
PingAuthorize 9.3
Product_Version_ce
PingAuthorize 9.3
category
ContentType
Product
Productdocumentation
paz-93
pingauthorize
ContentType_ce
Product documentation

Choose your manual install mode for PingAuthorize Server and then perform the server installation.

  1. Read about the server installation modes and decide which mode you want to use.
  2. Complete the steps for your chosen mode, interactive or noninteractive.

About the server installation modes

There are several different installation modes for PingAuthorize Server.

PingAuthorize Server provides the following tools to help install and configure the system:

  • The setup tool performs the initial tasks needed to start PingAuthorize Server, including configuring Java virtual machine (JVM) runtime settings and assigning listener ports for the PingAuthorize Server's HTTP services.
  • The create-initial-config tool configures connectivity between a System for Cross-domain Identity Management (SCIM) 2 user store and PingAuthorize Server. During the process, the prepare-external-store tool prepares each PingDirectory Server to serve as a user store by PingAuthorize Server. Configuration can be written to a file to use for additional installations.
    Note:

    Using create-initial-config is optional. However, if you do not use it, you do not get the user's profile (the requester's attributes). For more information, see User profile availability in policies.

  • After the initial setup is finished, you can use the dsconfig tool and the administrative console to perform additional configuration.
Tip: You can use server profiles to automate deployment of PingAuthorize Server. For more information, see Deployment automation and server profiles.
To install a server instance, run the setup tool in one of the following modes:
Interactive command-line mode
Prompts for information during the installation process. To run the installation in this mode, use the setup --cli command.
Noninteractive command-line mode
Designed for setup scripts to automate installations or for command-line usage. To run the installation in this mode, setup must be run with the --no-prompt option as well as the other arguments required to define the appropriate initial configuration.

You can perform all installation and configuration steps while signed on to the system as the user or the role under which PingAuthorize Server will run.

Installing the server interactively

Run the setup tool, which prompts you interactively for the information that it needs to install PingAuthorize Server.

Be prepared to provide the following information:

  • The location of a valid license file
  • The name and password for an administrative account, which is also called the root user distinguished name (DN)
  • An available port for PingAuthorize Server to accept HTTPS requests
  • An available LDAPS port for PingAuthorize Server to accept administrative requests
  • Information related to the server's connection security, including the location of a keystore that contains the server certificate, the nickname of that server certificate, and the location of a truststore
  • The amount of memory to reserve for usage by the Java virtual machine (JVM)
  • A unique instance name for the server
  1. Run the setup command.
    $ ./setup
  2. To start and stop PingAuthorize Server, use the start-server and stop-server commands, respectively.

    For additional options, see Starting PingAuthorize Server.

Installing the server noninteractively

For an automated installation, run the setup tool in noninteractive, command-line mode.

Be prepared to provide the following settings using command-line arguments:
  • The location of a valid license file
  • The name and password for an administrative account, which is also called the root user distinguished name (DN).
  • An available port for PingAuthorize Server to accept HTTPS requests
  • An available LDAPS port for PingAuthorize Server to accept administrative requests
  • Information related to the server's connection security, including the location of a keystore that contains the server certificate, the nickname of that server certificate, and the location of a truststore
  • The amount of memory to reserve for usage by the Java virtual machine (JVM)
  • A unique instance name for the server
  • Run the setup tool to install the server noninteractively.
  • For more information about the available setup options, run setup with the --help argument, which displays a complete list of setup options, along with examples.
    $ ./setup --help
The following example sets up PingAuthorize with these settings:
  • LDAP port 8389
  • LDAPS port 8636
  • HTTPS port 8443
  • An automatically generated self-signed server certificate
  • 1 GB of memory reserved for the server’s JVM
  • A unique server instance name of pingauthorize1
  • A server location of Austin
$ ./setup \
  --cli --no-prompt --acceptLicense \
  --licenseKeyFile <path-to-license> \
  --rootUserDN "cn=directory manager" \
  --rootUserPassword <your-password> \
  --ldapPort 8389 --ldapsPort 8636 \
  --httpsPort 8443 \
  --generateSelfSignedCertificate \
  --maxHeapSize 1g \
  --instanceName pingauthorize1 \
  --location Austin