Adding an Azure deployment package store - PingAuthorize - 9.3

To use the Deployment Manager, add a deployment package store for read access to the PingAuthorize server.

Use the administrative console or dsconfig to add the deployment package store.

Adding an Azure deployment package store using the administrative console

Set up your Azure storage account:

  • If you don't already have an Azure storage account, create one.
  • Add a container to your storage account.
  • Record the Connection string value found in your account's Access key settings.

For information on setting up an Azure storage account, see your Azure Blob Storage documentation.

  1. In the administrative console, go to Configuration > Authorization and Policies > Deployment Package Stores.
  2. Click New Deployment Package Store.
  3. In the New Deployment Package Store menu, select Azure Deployment Package Store.
  4. Complete the General Configuration fields.
    1. In the Name field, enter a name for the deployment package store.
    2. In the Poll Interval field, enter a value in seconds for how often the Azure store should be polled for changes.
      Note:

      A value of 0 only updates on restart.

    3. In the Azure Blob Connection String field, enter the connection string shown in your Azure storage account's Access key settings.
      Note:

      Your connection string value is not displayed after you enter it. The page still displays Set Value.

    4. In the Azure Blob Container field, enter the name of your container.
    5. In the Azure Blob Prefix field, enter the prefix you defined for the deployment package store.
  5. Optional: Complete the Policy Security fields.
    Note:

    If you select signed in the Deployment Package Security Level field, you must complete the Deployment Package Trust Store field.

  6. Click Save To PingAuthorize Server Cluster.

    Your Azure deployment package store is displayed on the Deployment Package Stores page.

Configure the PingAuthorize server to use embedded PDP mode with your deployment package store.

Adding an Azure deployment package store using dsconfig

Run dsconfig with the create-deployment-package-store option:
  • Create a store with an unsigned deployment package.
    dsconfig create-deployment-package-store \
      --store-name "<store-name>" \
      --type azure  \
      --set "poll-interval:<poll-interval>" \
      --set "azure-blob-connection-string:<blob-connection-string>"  \
      --set "azure-blob-container:<blob-container>"  \
      --set "azure-blob-prefix:<blob-prefix>"
  • Create a store with deployment-package-security-level set to signed.
    dsconfig create-deployment-package-store \
      --store-name "<store-name>"  \
      --type azure  \
      --set "poll-interval:<poll-interval>" \
      --set "azure-blob-connection-string:<blob-connection-string>"  \
      --set "azure-blob-container:<blob-container>"  \
      --set "azure-blob-prefix:<blob-prefix>" \
      --set deployment-package-security-level:signed  \
      --set "deployment-package-trust-store:<trust-store-provider-name>"  \
      --set "deployment-package-verification-key-nickname:<key-nickname>"

Configure the PingAuthorize server to use embedded PDP mode with your deployment package store.
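The connection string recorded from the Access key settings embeds the storage account key, which authorizes full access to the account, while the store only needs to read packages. The following pre-flight check is an added example, not part of the PingAuthorize documentation or tooling; the function names and sample strings are constructed, and whether the server accepts a SAS-form connection string is an assumption this page does not confirm.

```shell
#!/bin/sh
# Added example: classify the value destined for azure-blob-connection-string
# before it is entered in the console or passed to dsconfig.
# All connection strings below are constructed samples, not real credentials.

# Print the value of field $1 from the ';'-separated connection string $2.
conn_field() {
    printf '%s\n' "$2" | tr ';' '\n' | sed -n "s/^$1=//p" | head -n 1
}

# Print one of: account-key | sas | insecure-http | malformed
classify_conn_string() {
    proto=$(conn_field DefaultEndpointsProtocol "$1")
    endpoint=$(conn_field BlobEndpoint "$1")
    if [ "$proto" = "http" ]; then echo insecure-http; return 0; fi
    case $endpoint in http://*) echo insecure-http; return 0 ;; esac
    if [ -n "$(conn_field AccountName "$1")" ] && [ -n "$(conn_field AccountKey "$1")" ]; then
        echo account-key    # embeds the account's full-access key
    elif [ -n "$(conn_field SharedAccessSignature "$1")" ]; then
        echo sas            # embeds a scoped, expiring token
    else
        echo malformed
    fi
}

# Return 0 if the string is usable, 1 if it should be rejected outright.
preflight_conn_string() {
    kind=$(classify_conn_string "$1")
    case $kind in
        sas) echo "ok: SAS-based connection string" ;;
        account-key)
            echo "warning: string carries the account key (full account access);" \
                 "protect it like any other secret and rotate it if exposed" >&2 ;;
        *) echo "reject: $kind connection string" >&2; return 1 ;;
    esac
}

# Demo over constructed inputs: keyed over https, keyed over http, incomplete.
for s in \
    'DefaultEndpointsProtocol=https;AccountName=constructedacct;AccountKey=Q09OU1RSVUNURUQ=;EndpointSuffix=core.windows.net' \
    'DefaultEndpointsProtocol=http;AccountName=constructedacct;AccountKey=Q09OU1RSVUNURUQ=' \
    'AccountName=constructedacct'
do
    classify_conn_string "$s"
done
```

Passing the string with `--set` on the command line also leaves it in shell history and the process list, so run the check and the `dsconfig` command from a session where both are controlled.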