This tutorial describes how to install an instance of the PingDataGovernance Policy Administration GUI.
These installation instructions are for tutorial purposes. They will only provide a limited install.
- Extract the contents of the compressed PingDataGovernance-PAP distribution file.
- Change the directory to PingDataGovernance-PAP.
- To configure the application, run the ./bin/setup script.
Answer the on-screen questions.
For the following questions, use the recommended answers provided.
Question Answer How would you like to configure the Policy Administration GUI? Use Quickstart to set up a demo server with credentials
password123and to use a self-signed certificate for SSL
On which port should the Policy Administration GUI listen for HTTPS communications? You can use any unused port here, but most of the examples in this guide assume that port 9443 is used for the PingDataGovernance Policy Administration GUI. Enter the fully qualified host name or IP address that users’ browsers will use to connect to this GUI? Unless you are testing on
localhost, ensure that the provided API URL uses the public DNS name of the PingDataGovernance Policy Administration GUI server as shown in the following example.
Copy and record any generated values needed to configure external
The Shared Secret is used in PingDataGovernance, under .
To start the Policy Administration GUI, or policy administration point (PAP),
The Policy Administration GUI runs in the background, so you can close the terminal window in which it was started without interrupting it.
[/opt/PingDataGovernance-PAP]$ bin/setup Please enter the location of a valid PingDataGovernance with Symphonic license file [/opt/PingDataGovernance-PAP/PingDataGovernance.lic]: /opt/PingDataGovernance/PingDataGovernance.lic PingDataGovernance Policy Administration GUI ============================================ How would you like to configure the Policy Administration GUI? 1) Quickstart (DEMO PURPOSES ONLY): This option configures the server with a form based authentication and generates a self-signed server certificate 2) OpenID Connect: This option configures the server to use an OpenID Connect provider such as PingFederate 3) Cancel the setup Enter option : 1 On which port should the Policy Administration GUI listen for application HTTPS communications? : 9443 Enter the fully qualified host name or IP address that users' browsers will use to connect to this GUI [centos.localdomain]: pap.examplecom On which port should the Policy Administration GUI listen for administrative HTTPS communications? : 9444 Would you like to enable periodic policy database backups? (yes / no) [yes]: yes Enter the backup schedule as a cron expression (defaults to daily at midnight): [0 0 0 * * ?]: 0 0 0 * * ? Setup Summary ========================================== Host Name: pap.example.com Server Port: 9443 Secure Access: Self-signed certificate Admin Port: 9444 Periodic Backups: Enabled Backup Schedule: 0 0 0 * * ? Command-line arguments that would set up this server non-interactively: setup demo --hostname pap.example.com --adminPort 9444 --port 9443 --certNickname server-cert \ --licenseKeyFile /opt/PingDataGovernance/PingDataGovernance.lic \ --backupSchedule '0 0 0 * * ?' --pkcs12KeyStorePath config/keystore.p12 \ --generateSelfSignedCertificate What would you like to do? 1) Set up the server with the parameters above 2) Provide the setup parameters again 3) Cancel the setup Enter option : Setup completed successfully Please configure the following values ==================================================================================== PingDataGovernance Server - Policy External Server Base URL: https://pap.example.com:9443 Shared Secret: 7ed6f52d6e71411ca9e58f9567c7de2e Trust Manager Provider: Blind Trust Please start the server by running bin/start-server
In this example, the PingDataGovernance Policy Administration GUI is now running and listening on port 9443.
https://<host>:9443. The default credentials are
Use the default user name and password sign on credentials for demo and testing purposes only, such as this initial walk-through. To configure the PingDataGovernance Policy Administration GUI for PingFederate OpenID Connect (OIDC) single sign-on (SSO), see Configuring an Authentication Server for OpenID Connect single sign-on.