You can change the default settings of PingIntelligence Dashboard by editing the /<pi-install-path>/pingidentity/pi-api-deployment/config/dashboard-defaults.yml file. The following table lists the variables that you can set for PingIntelligence Dashboard in various configurations.
Variable | Description |
---|---|
|
Port number to connect to PingIntelligence Dashboard. |
|
Defines the mode in which Dashboard authenticates. The valid values are
Note:
You should use |
|
Defines the maximum time for a session. The configured values should be in
the form of |
|
Defines the maximum number of active UI sessions at any given time. The value should be greater than 1. |
|
The passwords for webgui Note:
|
Single sign-on (SSO) configurations -
Applicable only when authentication_mode is set as
sso |
|
|
Client ID value in configured in the Identity provider. |
|
Client Secret configured for the corresponding Client ID. |
|
OpenID Connect (OIDC) Client authentication mode. The valid values are
|
|
HTTPS IP address of OIDC provider. Also, place the SSO provider's issuer-certificate in the following path - <installation_path>/pingidentity/certs/webgui/ |
|
Claim name for unique ID of the user in UserInfo response. A new user is provisioned using this unique ID value. |
|
Claim name for first name of the user in UserInfo response. Either first name or last name can be empty, but both should not be empty. |
|
Claim name for last name of the user in UserInfo response. Either first name or last name can be empty, but both should not be empty. |
|
Claim name for role of the user in UserInfo response. Default value is
|
|
Additional scopes in authorization request. Multiple scopes should be comma (,) separated values. OpenID, profile scopes are always requested. |
-End-of-SSO-configurations- | |
SSL configuration for PingIntelligence Dashboard
|
Configure the passwords for keystore and key alias. |
H2 database configuration:
|
Password for H2 database and password for encryption |
Discovery configuration - The following variables configure
discovery settings for Dashboard:
PingAccess
Axway
|
Configure PingAccess or Axway URL, username and password if the discovery
source is |
|
Configures whether the deployment package installs X-pack. The default value
is |
|
If you have set |
|
Configure the distribution type of Elasticsearch. Allowed values are
Note:
This variable is available for configuration in PingIntelligence for APIs 4.4.1. |
|
If you want to use an already available Elasticsearch username, configure it
in |
|
Elasticsearch password. The default value is Note:
Do not change the |
|
Consumer user in Kafka. Default: |
|
Consumer user password. Default: |
|
Group in Kafka for data engine consumer. Default: |
|
Password for the default user name |
|
Password for the admin. |
Syslog configuration:
|
Configure Syslog details. Setting Provide the host and port number of syslog server. |
Make sure to take a backup of the dashboard-defaults.yml file on a secure machine after the automated installation is complete.
The following is a sample dashboard-defaults.yml file.
---
webgui:
# Define ports for PingIntelligence WebGUI
# Make sure ports are not same for single server installation
port: 8030
# allowed values: native, sso.
# In native mode, webgui users are self managed and stored in webgui.
# In sso mode, webgui users are managed and stored in an Identity provider.
authentication_mode: native
# Maximum duration of a session.
# Value should be in the form of <number><duration_suffix>
# Duration should be > 0.
# Allowed duration_suffix values: m for minutes, h for hours, d for days.
session_max_age: 6h
# Number of active UI sessions at any time.
# Value should be greater than 1.
max_active_sessions: 50
## admin_password and ping_user_password are applicable in native authentication_mode only.
# webgui "admin" account password
admin_password: changeme
# webgui "ping_user" account password
ping_user_password: changeme
## Below sso configuration properties are applicable in sso authentication_mode only.
# Client ID value in Identity provider.
sso_oidc_client_id: pingintelligence
# Client Secret of the above Client ID.
sso_oidc_client_secret: changeme
# OIDC Client authentication mode.
# Valid values: BASIC, POST, or NONE
sso_oidc_client_authentication_method: BASIC
# OIDC Provider uri
# WebGUI queries <issuer-uri>/.well-known/openid-configuration to get OIDC provider metadata
# issuer ssl certificate is not trusted by default. So import issuer ssl certificate into config/webgui.jks
# issuer should be reachable from both back-end and front-end
sso_oidc_provider_issuer_uri: https://127.0.0.1:9031
# Place the sso provider issuer-certificate in the following path => <installation_path>/pingidentity/certs/webgui/
# Name of the file should be => webgui-sso-oidc-provider.crt
# claim name for unique id of the user in UserInfo response
# a new user is provisioned using this unique id value
sso_oidc_provider_user_uniqueid_claim_name: sub
# claim name for first name of the user in UserInfo response
# either first name or last name can be empty, but both should not be empty
sso_oidc_provider_user_first_name_claim_name: given_name
# claim name for last name of the user in UserInfo response
# either first name or last name can be empty, but both should not be empty
sso_oidc_provider_user_last_name_claim_name: family_name
# claim name for role of the user in UserInfo response
sso_oidc_provider_user_role_claim_name: role
# additional scopes in authorization request
# multiple scopes should be comma (,) separated
# openid,profile scopes are always requested
sso_oidc_client_additional_scopes:
## End of sso configuration
# ssl key store password of webgui hosts
server_ssl_key_store_password: changeme
server_ssl_key_alias: webgui
# local h2 db datasource properties
h2_db_password: changeme
h2_db_encryption_password: changeme
# allowed values: abs/pingaccess/axway
discovery_source: abs
# allowed values: auto/manual
discovery_mode: auto
# value is in minutes
discovery_mode_auto_polling_interval: 10
discovery_mode_auto_delete_non_discovered_apis: false
# valid only if discovery_source is set to pingaccess
pingaccess_url: https://127.0.0.1:9000/
pingaccess_username: Administrator
pingaccess_password:
# valid only if discovery_source is set to axway
axway_url: https://127.0.0.1:8075/
axway_username: apiadmin
axway_password:
dataengine:
ui:
# Install elasticsearch with xpack enabled
# If there is no authentication on pre-existing elasticsearch, set this to false
enable_xpack: true
server_port: 8040
# When install_elasticsearch is set to false in config/hosts, this url will be used
# Give the complete url with https/http and elasticsearch port number
# Make sure elasticsearch_url is accessible from ansible management host, dataengine, webgui nodes.
elasticsearch_url: https://search-giueibohzd6pfijfysjfsxucty.pingidentity.com:443
# Configuration distribution type of elasticsearch. Allowed values are default or aws
elasticsearch_distro_type: default
# User with permission set similar to "elastic" user
elastic_username: elastic
# Passwords for "elasticsearch","ping_user" and "ping_admin" users
# dataengine will be accessible for these accounts
# Please set strong passwords
# If enable_xpack is set to false, below passwords are ignored
elastic_password: changeme
# ssl key store password of webgui hosts
server_ssl_key_store_password: changeme
server_ssl_key_alias: dataengine
#Users ,passowrd and groupid for dataengine in kafka
consumer_user: pi4api_de_user
consumer_authentication_password: changeme
dataengine_groupid: pi4api.data-engine
syslog:
# Configuration for syslog
enable_syslog: false
host: localhost
port: 614
facility: LOCAL0