PingAuthorize

Deploying the PingAuthorize admin console

To administer multiple servers from a single PingAuthorize admin console instance, you can use Docker or a Java application server, such as Tomcat or Jetty, to run the admin console as a standalone instance.

Running the admin console as a standalone instance also allows you to make changes to the admin console without restarting the server’s HTTPS connection handlers.

Environment variables

You can change the value of any configuration property in the admin console’s application.yml file by setting an environment variable. Learn more in Using Environment Variables in the Spring Boot documentation.

For example, to set the system.readOnly property to true, which puts the admin console into read-only mode, include the following argument for a Docker deployment:

--env SYSTEM_READ_ONLY=true

Alternatively, you can run the following command for either Tomcat or Docker deployments:

export SYSTEM_READ_ONLY=true

Application base path

By default, the PingAuthorize Server hosts the admin console at the /console endpoint. To change this path, update the base-context-path property by updating the admin console’s web application extension.

If you host the admin console on a Tomcat server, you can deploy the resource/admin-console.war file to serve the admin console at the /admin-console endpoint. You can change the admin console endpoint by updating the .war file name.

Using Docker to run a standalone admin console

The admin console is available as a standalone Docker image on Docker Hub.

Steps

  1. To connect to a server deployed with Docker, run the admin console image in a local Docker deployment.

    The network you use must match the server container’s network.

    The following example deploys the standalone admin console image in a local Docker deployment with the admin console listening on port 8443 using the pingnet network. The docker run command uses the BRANDING_APP_NAME environment variable to set the name displayed by the admin console:

    docker login docker.corp.pingidentity.com:5600

docker run \
  --name pingauthorizeadminconsole \
  --publish 8443:8443 \
  --detach \
  --env VERBOSE=true \
  --env BRANDING_APP_NAME="PingAuthorize Admin Console"
  --tmpfs /run/secret \
  --network pingnet \
  --platform=linux/amd64 \
  docker.corp.pingidentity.com:5600/pingdataconsole/11.0.0.0-120825

    • If you’re deploying the admin console on an ARM version of Linux, you must include the --platform=linux/amd64 argument or set --env DOCKER_DEFAULT_PLATFORM=linux/amd64.

    • You can change the first port in the --publish line based on what port you want to use on your local machine, but you shouldn’t change the second port.

      To access the admin console outside of Docker on port 9443, for example, use 9443:8443.

  2. To access the admin console, go to https://<hostname>:<port>/console and enter the following credentials:

    • Server: <PingAuthorize-container-name>:<LDAPS-port>

    • Username: administrator

    • Password: 2FederateM0re

Setting up the admin console on a Tomcat server

To set up a standalone admin console on a Tomcat server, you need the .war file from the PingAuthorize Server’s resource/admin-console.zip archive.

You can use the .war file with Java application servers, such as Tomcat or Jetty. The following steps use Tomcat as the server environment.

Steps

  1. Download the Tomcat 11 .zip archive from the Apache Tomcat downloads page.

  2. Extract the .zip archive.

  3. To set up the Tomcat server, follow the instructions in the RUNNING.txt file from the extracted directory.

  4. Copy the .war file into the webapps folder in the Tomcat root directory.

  5. To start the Tomcat server, run startup.sh from the bin folder of the Tomcat root directory.

    Result:

    Tomcat automatically extracts the admin console from the compressed .war file into an exploded application directory and starts running it.

  6. Set a specific location for the console’s log output by updating the value of log.file in the admin console’s application.yml file.

  7. To access the admin console, add the name of the .war file to the end of the Tomcat server’s path.

    For example, if the Tomcat server is deployed on localhost:8080, and the .war file is named admin-console.war, the path to the admin console is localhost:8080/admin-console.

  8. (Optional) To change the name displayed by the admin console, edit the branding.appName configuration property in the console’s application.yml file.