After you successfully set up the PingDataGovernance Policy Administration GUI, you must start the server and then configure PingDataGovernance Server to use the Policy Administration GUI as its policy decision point (PDP).
The containers must be on the same Docker network to communicate properly.
Sign on to the Policy Administration GUI. For more information, see Signing on to the PingDataGovernance Policy Administration GUI and import a policy snapshot. You can find a set of default policies in the resource/policies/defaultPolicies.SNAPSHOT file.
To configure PingDataGovernance Server to use the Policy Administration GUI, use dsconfig or the Administrative Console to create a Policy External Server to represent the Policy Administration GUI, then assign the Policy External Server to the Policy Decision Service and configure it to use external PDP mode. Also, set the Trust Framework Version to the current version, v2.
Consider the following example. Assume a container named pingdatagovernance and that no files are needed from the file system. The following commands run dsconfig from within the container.
docker exec pingdatagovernance /opt/out/instance/bin/dsconfig create-external-server \
--server-name "Policy Administration GUI" \
--type policy \
--set "base-url:https://<pap-hostname>:<pap-port>" \
--set "shared-secret:2FederateM0re" \
--set "branch:Default Policies"
docker exec pingdatagovernance /opt/out/instance/bin/dsconfig set-policy-decision-service-prop \
--set pdp-mode:external \
--set "policy-server:Policy Administration GUI" \
--set trust-framework-version:v2
In the example, the base URL consists of the host name and port chosen for the Policy
Administration GUI during setup. The shared secret value is
2FederateM0re
by default. The branch name corresponds to the
branch name that you chose when importing your policy snapshot.