Complete the following steps to install PingIntelligence Dashboard:
  1. Create a <ping_install_dir> directory on your host machine. Make sure that the user has read and write permissions for the <ping_install_dir> directory.
  2. Download the PingIntelligence Dashboard binary
  3. Download Elasticsearch 6.8.1 (macOS/RHEL)
  4. Download Kibana 6.8.1 (RHEL 64-bit)
  5. Change directory to ping_install_dir:
    # cd pi_install_dir
  6. Untar the PingIntelligence Dashboard:
    # tar -zxf pi-api-dashboard-4.4.tar.gz
  7. Change directory to pingidentity/webgui/
    # cd pingidentity/webgui/ 
    
  8. Install PingIntelligence Dashboard by entering the following command and follow the instructions displayed on the prompt:
    # ./bin/pi-install-ui.sh
    
    elasticsearch-6.8.1.tar.gz file path >
    kibana-6.8.1-linux-x86_64.tar.gz file path >
    
    Use bundled ssl key and self signed certificate for ui server [y/n]? >[n]
    ssl private key path >
    ssl certificate path >
    
    Use default password [changeme] for all components and users [y/n]? > [n]
    UI login admin user 'admin' password >
    Renter UI login admin user 'admin' password >
    UI login regular user 'ping_user' password >
    Renter UI login regular user 'ping_user' password >
    
    ABS url >
    Use default access/secret key for ABS  [y/n] ? > [n]
    ABS access key >
    ABS secret key >
    
    ASE management url >
    Use default access/secret key for ASE  [y/n] ? > [n]
    ASE access key >
    ASE secret key >
    
    
    configuring elasticsearch… please wait for 15 seconds
    elasticsearch config is completed.
    
    configuring kibana…please wait 60 seconds
    kibana config is completed.
    
    configuring dashboard…
    generating new obfuscation master key
    dashboard config is completed.
    
    configuring webgui…
    generating new obfuscation master key
    webgui config is completed.
    
    saving auto generated credentials for all components to webgui_internal.creds file
    
    WebGUI installation completed. 
    
    Start WebGUI [y/n] > [y]
    
    start elasticsearch...
     elasticsearch started. Log is available at elasticsearch/logs/elasticsearch.log
    
    start dashboard……
     dashboard started. Log available at dashboard/logs/dashboard.log
    
    start kibana……
      kibana started. Log available at kibana/logs/kibana.log
    
    start ui server……
      UI server started. Log available at webgui/logs/admin/admin.log
    
    WebGUI started. Log available at webgui/logs/admin/admin.log
    
    Please access WebGUI at https://<pi_install_host>:8030 
    
    <pi_install_host> can be ip address, hostname or fully qualified domain name of this server. 
    <pi_install_host> should be reachable from your computer.
    
    Important Action:
    1) Credentials for all internal components are available in webgui_internal.creds file. Move this file from 
       this server and securely keep it elsewhere. For any debugging purposes you will be asked to get 
       credentials for a component from this file.
    2) Two obfuscation master keys are auto-generated
       pingidentity/webgui/config/webgui_master.key
       pingidentity/dashboard/config/dashboard_master.key
    3) For security purposes you should move obfuscation master keys from this server. But when components 
       are restarted, master keys should be present at the original locations.
     
    

Verify the installation

You can verify the installation by checking the process IDs (PID) of each component. You can check the pid of components at the following location:
  • Elasticsearch: <pi_install_dir>/elasticsearch/logs/elasticsearch.pid
  • Kibana: <pi_install_dir>/kibana/logs/kibana.pid
  • Dashboard: <pi_install_dir>/dashboard/logs/dashboard.pid
  • Webgui: <pi_install_dir>/webgui/logs/webgui.pid

Tune Dashboard performance parameters

Configure the following three parameters for Dashboard's better performance. Note that the following tuning parameters if you have your setup of Elasticsearch and Kibana.

If you have used PingIntelligence automated deployment or pi-install-ui.sh script to deploy Dashboard, these tuning are done as part of installation.
Parameter Description Location
Elasticsearch
-Xms and -Xmx
  • Xms - Defines the minimum heap size of Elasticsearch. Set it to 4GB as Xms4g.
  • Xmx - Defines the maximum heap size of Elasticsearch. Set it to 4GB as Xmx4g.
$ES_HOME/config/jvm.options
thread_pool.search.size Defines thread pool size for count/search/suggest operations in Elasticsearch. Configure it to 50% of total CPUs allocated. $ES_HOME/config/elasticsearch.yml
Kibana
elasticsearch.requestTimeout Time (in milliseconds) to wait for Elasticsearch to complete the request and return the response back to Kibana. Set the value to 60000 milliseconds. $KIBANA_HOME/config/kibana.yml

Mitigating Cross-Site-Scripting (XSS)

To detect and mitigate attacks like Cross Site Scripting(XSS), PingIntelligence Dashboard implements Content Security Policy (CSP). The following are the configuration details.

Response header - Content-Security-Policy

Response header value - default-src ‘self’; font-src ‘self’ use.typekit.net; script-src ‘self’ use.typekit.net; style-src ‘self’ ‘unsafe-inline’ use.typekit.net p.typekit.net; img-src ‘self’ data: p.typekit.net;