After you have deployed the PingDirectory administrative console, you can configure it.
- Disable the embedded administrative console, using dsconfig or the administrative console to configure connection handlers:
  - To use dsconfig, run dsconfig set-connection-handler-prop:

        dsconfig set-connection-handler-prop \
          --handler-name "<HTTPS Connection Handler>" \
          --reset web-application-extension

    Note: Replace <HTTPS Connection Handler> with the name of the connection handler hosting the administrative console.
  - To use the administrative console, open the console:
    - On the Configuration page, go to Connection Handlers.
    - In the Connection Handlers list, select the HTTP or HTTPS connection handler that is hosting the administrative console.
    - Go to Web Application Extension and click the arrows to move Console from the Selected column on the right to the Available column on the left.
- To finalize your changes, restart the HTTPS Connection Handler using dsconfig:

      dsconfig set-connection-handler-prop \
        --handler-name "<HTTPS Connection Handler>" \
        --set enabled:false

      dsconfig set-connection-handler-prop \
        --handler-name "<HTTPS Connection Handler>" \
        --set enabled:true
- Configure the administrative console's application.yml file.

  You can configure the standalone PingDirectory server administrative console by modifying the /tmp/Console/WEB-INF/classes/application.yml file. The following table lists the configuration settings in the default application.yml file included with the administrative console and what they do.
  Configuration settings

  | Setting | Description |
  | --- | --- |
  | spring.* | For information about these properties, see the Spring API docs. You should not modify them. |
  | management.server.base-path | Controls the prefix of the Spring Boot Actuator endpoints of the console application. You should not modify this setting. |
  | logging.level.* | Controls the severity level of messages logged about these packages. |
  | log.console | If this is set to true, the console logs messages to a file. |
  | log.file | If logging is enabled, this specifies the file that the console will log to. |
  | PingData.SSO.OIDC.enabled | If this is set to true, the console attempts to use OpenID Connect (OIDC) single sign-on (SSO) to bind to the managed server. If false, the console asks for a username and password. |
  | PingData.SSO.OIDC.issuer-uri | The issuer URI to the OIDC provider. |
  | PingData.SSO.OIDC.client-id | The client ID used with the OIDC provider. |
  | PingData.SSO.OIDC.client-secret | The client secret used with the OIDC provider. |
  | PingData.SSO.OIDC.trust-store-file | The file path to the trust store used when communicating with the OIDC provider. |
  | PingData.SSO.OIDC.trust-store-type | The type of trust store specified by PingData.SSO.OIDC.trust-store-file. |
  | PingData.SSO.OIDC.trust-store-pin | Specifies the password used with the trust store specified by PingData.SSO.OIDC.trust-store-file. |
  | PingData.SSO.OIDC.trust-store-pin-environment-variable | Specifies the environment variable containing the password used with the trust store specified by PingData.SSO.OIDC.trust-store-file. |
  | PingData.SSO.OIDC.strict-hostname-verification | If this is set to true, the console requires a matching host name on the OIDC provider certificate. |
  | PingData.SSO.OIDC.trust-all | If this is set to true, the console accepts any OIDC provider certificate. |
  | PingData.SSO.OIDC.username-attributes | The LDAP attribute containing the username of the user the console is logging in as when using SSO. |
  | login.hide-server | If this is set to true, the 'server' field is hidden on the sign-on page. |
  | ldap.server | Auto-populates the 'server' field on the sign-on page. If login.hide-server=true, this value determines which directory server the console tries to bind to. |
  | ldap.init-user | Auto-populates the user field on the sign-on page. |
  | ldap.init-password | Auto-populates the password field on the sign-on page. |
  | ldap.trust-store-file | The file path to the trust store used when binding to the directory server. |
  | ldap.trust-store-type | Specifies the type of trust store specified by trust-store-file. |
  | ldap.trust-store-pin | Specifies the password used with the trust store specified by trust-store-file. |
  | ldap.trust-store-pin-environment-variable | Specifies the environment variable containing the password used with the trust store specified by trust-store-file. |
  | ldap.file-servlet-name | Specifies the name of the file servlet on the managed directory server to use when fetching generated collect-support-data (CSD) or server profiles. |
  | ldap.csd-task-enabled | If this is set to true, the console has a button that has the managed directory server run a collect-support-data task. |
  | ldap.csd-destination-folder | The file path to the folder where the managed directory server stores generated CSD files after running the collect-support-data task. |
  | ldap.profile-destination-folder | The file path to the folder where the managed directory server stores generated server profiles after running the generate-server-profile task. Important: Do not change this property. |
  | branding.custom-folder | The file path to the folder that holds custom branding.properties, branding.css, and favicon.ico files. If empty, default Ping Identity branding is used instead. |
  | configuration.complexity | Determines the maximum complexity level for shown configuration objects. The possible values are basic, standard, advanced, and expert. |
  | server.sessionTimeout | The amount of time a web session can remain idle before the user must sign on again. The time is set in seconds unless you use a time interval (h for hours or m for minutes). If not specified, the default is 24 hours. |

  Note: After modifying the application.yml file, you must restart the console for your changes to take effect.
- Select servers to manage in the administrative console:
  - To use the application.yml file to select a server for the administrative console to manage:
    - Set the ldap.server property to the address of the LDAP server to bind to.
    - Restart the console using the following commands:

          dsconfig set-connection-handler-prop \
            --handler-name "<HTTPS Connection Handler>" \
            --set enabled:false

          dsconfig set-connection-handler-prop \
            --handler-name "<HTTPS Connection Handler>" \
            --set enabled:true

  - To switch between managed servers in a single topology while signed on to the administrative console, in the Servers list, select the server that you want to manage.
  - To select a server when SSO is not enabled and the login.hide-server property in application.yml is false:
    - If you are signed on to the console, sign off of your current session.
    - Change the Server field value on the console sign-on page to the address of the LDAP server you want to manage.
  - To select a server when SSO is enabled:
    - Enter the console URL with the ldap-hostname and ldaps-port query parameters specified when accessing the console:

          https://<hostname>:<port>/console/login?ldap-hostname=<ldap.host>&ldaps-port=<ldaps-port>

      In the following example URL, <hostname> is localhost, <port> is 443, ldap-hostname is ldap.host, and ldaps-port is 636.

          https://localhost:443/console/login?ldap-hostname=ldap.host&ldaps-port=636
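The following is an added example, not part of the product documentation or Ping Identity's code. It is a small Python check that flattens an application.yml and reports those settings from the configuration table whose documented behavior relaxes certificate validation or places a password in the file. The sample file, its nested key layout, and the function names `flatten` and `audit` are assumptions made for illustration.

```python
# Constructed sample (not a real deployment). The nested layout is an assumption:
# Spring Boot reads nested YAML keys as the dotted names used in the settings table.
SAMPLE_YML = """\
PingData:
  SSO:
    OIDC:
      trust-store-pin: example-pin
      strict-hostname-verification: false
      trust-all: true
ldap:
  init-password: example-password
  trust-store-pin-environment-variable: LDAP_TRUST_PIN
"""

def flatten(text):
    """Flatten simple nested 'key: value' YAML into {dotted.key: value}."""
    out, stack = {}, []  # stack: (indent, key) of the open parent mappings
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that are not parents of this line
        value = value.strip().strip("'\"")
        if value:
            out[".".join([k for _, k in stack] + [key.strip()])] = value
        else:
            stack.append((indent, key.strip()))
    return out

def audit(cfg):
    """Return sorted names of settings whose values weaken the console's security."""
    oidc = "PingData.SSO.OIDC."
    hits = set()
    if cfg.get(oidc + "trust-all", "").lower() == "true":
        hits.add(oidc + "trust-all")  # any OIDC provider certificate is accepted
    if cfg.get(oidc + "strict-hostname-verification", "").lower() == "false":
        hits.add(oidc + "strict-hostname-verification")  # host name not matched
    for pin in (oidc + "trust-store-pin", "ldap.trust-store-pin"):
        if cfg.get(pin):
            hits.add(pin)  # inline password; use <pin>-environment-variable instead
    if cfg.get("ldap.init-password"):
        hits.add("ldap.init-password")  # password pre-filled on the sign-on page
    return sorted(hits)

if __name__ == "__main__":
    print(audit(flatten(SAMPLE_YML)))
```

The parser handles only plain nested or dotted `key: value` lines with space indentation, which is enough for the settings listed in the table; it is not a general YAML parser.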