Installing the PingFederate service on Linux manually - PingFederate Bridge - PingFederate - 10.3

PingFederate Server

bundle
pingfederate-103
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 10.3
category
Product
pf-103
pingfederate
ContentType_ce

If you have not installed PingFederate on Linux using the distribution .zip file, you can install it manually.

  • Request a license key through the Ping Identity licensing website.
  • Ensure you are logged on to your system with sufficient privileges to install and run an application.
  • Verify that you have installed the Java runtime and that you have set the required environment variables correctly. For more information, see Installing Java in the PingFederate Server documentation.

To install the PingFederate service on Linux manually:

  1. Download the distribution .zip file from the Ping Identity website.
  2. Extract the file into an installation directory, <pf_install>.
  3. Create a new local user account for the PingFederate service; for example, pingfederate.
    Note:

    The service account is referred to as <pf_user>.

  4. Change the ownership of the PingFederate installation directory <pf_install> and update the read and write permissions using the following commands.
    chown -R <pf_user> <pf_install>
    chmod -R 775 <pf_install>
  5. If the operating system supports systemd, follow these steps to install the PingFederate unit file.
    1. Edit the pingfederate.service systemd unit file, located in the <pf_install>/pingfederate/sbin/linux directory.
      Replace the following variables with information from your environment:
      ${PF_VERSION}
      The version of PingFederate.
      ${PF_USER}
      The local user account for the PingFederate service.
      ${PF_HOME}
      The <pf_install>/pingfederate directory.
      For example, if <pf_install> is /opt/identity.fed, replace ${PF_HOME} with /opt/identity.fed/pingfederate.
      ${PF_JAVA_HOME}
      The JAVA_HOME environment variable value (a directory).
    2. Copy the pingfederate.service file to the systemd unit files directory. For example, /etc/systemd/system.
      Note:

      Depending on the operating system, the exact location might vary. Consult your system administrators as needed. The rest of the step assumes /etc/systemd/system is the systemd unit files directory.

    3. Use the following command to update the read and write permissions of the pingfederate.service systemd unit file.
      chmod 664 /etc/systemd/system/pingfederate.service
    4. Use the following commands to load the new system configuration changes and start the PingFederate service.
      systemctl daemon-reload ;\
      systemctl start pingfederate
    5. Use the following commands to configure the PingFederate service to start automatically as the server boots.
      systemctl enable pingfederate ;\
      systemctl daemon-reload ;\
      systemctl restart pingfederate

    After setting up the PingFederate systemd unit file, you can use the following systemctl command to manage the PingFederate service.

    systemctl start pingfederate
    systemctl stop pingfederate
    systemctl restart pingfederate
    systemctl status pingfederate
  6. If the operating system supports SysV initialization, follow these steps to install the PingFederate script.
    1. Edit the pingfederate script, located in the <pf_install>/pingfederate/sbin/linux directory.
      Replace the following statements with information from your environment:
      PF_HOME=$PF_HOME
      Replace $PF_HOME with the <pf_install>/pingfederate directory.
      For example, if <pf_install> is /opt/identity.fed, replace $PF_HOME with /opt/identity.fed/pingfederate.
      USER="pingfederate"
      If the PingFederate service account is not pingfederate, replace pingfederate with the local user account for the PingFederate service.
      For example, if <pf_user> is pingfed, replace pingfederate with pingfed.
      Example (truncated)
      If <pf_install> and <pf_user> are /opt/identity.fed and pingfederate respectively, the required modifications are as follows
      ...
      PF_HOME=/opt/identity.fed/pingfederate
      DIR="$PF_HOME/sbin"
      USER="pingfederate"
      ...
    2. Copy the pingfederate script to the SysV initialization directory; for example, /etc/rc.d/init.d.
      The exact location might vary, depending on the operating system. Consult your system administrators, as needed. The rest of the step assumes /etc/rc.d/init.d is the SysV initialization directory.
    3. Use the following command to update the read and write permissions of the pingfederate SysV initialization script.
      chmod 755 /etc/rc.d/init.d/pingfederate
    4. Configure the operating system to start the PingFederate service at various runlevels.
      On an RHEL server, you can use the Service Configuration utility to do so.

      Alternatively, the initialization directories associated with various runlevels can accept manual symbolic links of the pingfederate script using the ln -s source target command.

      You can create the following symbolic links on an RHEL server where runlevels 2 and 4 are not used.
      ln -s /etc/rc.d/init.d/pingfederate /etc/rc3.d/S84pingfederate
      ln -s /etc/rc.d/init.d/pingfederate /etc/rc5.d/S84pingfederate
      ln -s /etc/rc.d/init.d/pingfederate /etc/rc0.d/K15pingfederate
      ln -s /etc/rc.d/init.d/pingfederate /etc/rc1.d/K15pingfederate
      ln -s /etc/rc.d/init.d/pingfederate /etc/rc6.d/K15pingfederate

      Some operating systems might require a restart of the system to activate the new scripts. Consult your system administrators as needed.

    After setting up the PingFederate SysV initialization script, you can use the Service Configuration utility or the following service commands to manage the PingFederate service.

    service pingfederate start
    service pingfederate stop
    service pingfederate restart
    service pingfederate status