Configuring the PingAuthorize user store - PingAuthorize - 9.1

Configure PingAuthorize Server to use PingDirectory Server as its user store.

  1. To make a set of changes to PingDirectory Server that PingAuthorize Server needs, including the creation of a service account, run the prepare-external-store command.
    PingAuthorize/bin/prepare-external-store \
      --hostname <your-ds-host> --port 1636 --useSSL --trustAll \
      --governanceTrustStorePath PingAuthorize/config/truststore \
      --governanceTrustStorePasswordFile PingAuthorize/config/truststore.pin \
      --bindDN "cn=directory manager" \
      --bindPassword <your-ds-password> \
      --governanceBindDN "cn=Authorize User,cn=Root DNs,cn=config" \
      --governanceBindPassword <your-pingauthorize-service-account-password> \
      --userStoreBaseDN "ou=people,dc=example,dc=com" \
      --no-prompt
  2. To configure PingAuthorize Server with a store adapter that allows it to communicate with PingDirectory Server to retrieve identity attributes, run the create-initial-config command.
    Note:

    Using create-initial-config is optional. However, if you do not use it, you do not get the user's profile (the requester's attributes). For more information, see User profile availability in policies.

    PingAuthorize/bin/create-initial-config \
      --no-prompt --port 8636 --useSSL --trustAll \
      --bindDN "cn=directory manager" \
      --bindPassword <your-pingauthorize-password> \
      --governanceBindPassword <your-pingauthorize-service-account-password> \
      --externalServerConnectionSecurity useSSL \
      --governanceTrustStorePath PingAuthorize/config/truststore \
      --governanceTrustStorePasswordFile PingAuthorize/config/truststore.pin \
      --userStoreBaseDN "ou=people,dc=example,dc=com" \
      --userStore "<your-ds-host>:1636:Austin" \
      --userObjectClass "inetOrgPerson" \
      --initialSchema pass-through

    This command also sets up a System for Cross-domain Identity Management (SCIM) resource type that defines a Users type. Its SCIM schema is automatically mapped to the LDAP object class inetOrgPerson on PingDirectory Server.