Note: this is an abstract component that cannot be instantiated.
Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
Deployment Package Stores represent locations where the PingAuthorize Server server can scan for new deployment packages.
A Deployment Package Store is a location, whether on the local filesystem or in a cloud storage solution, where deployment packages can be pushed by the Policy Editor. When one is configured and the Policy Decision Service is in embedded mode, the PingAuthorize Server server will scan the store with a frequency represented by poll-interval, automatically updating the deployment package used for policy decisions.
↓Direct Subcomponents
↓Relations from This Component
↓Relations to This Component
↓Properties
↓dsconfig Usage
The following Deployment Package Stores are available in the server :
These Deployment Package Stores inherit from the properties described below.
The following components have a direct aggregation relation from Deployment Package Stores:
The following components have a direct aggregation relation to Deployment Package Stores:
The properties supported by this managed object are as follows:
General Configuration Basic Properties: | Advanced Properties: |
---|---|
↓ poll-interval | None |
Policy Security Basic Properties: | Advanced Properties: |
None | ↓ deployment-package-security-level |
↓ deployment-package-trust-store | |
↓ deployment-package-verification-key-nickname |
Property Group | General Configuration |
Description | Specifies how often the PingAuthorize Server server scans the Deployment Package Store for new deployment packages. If the value of poll-interval is 0, then the server will not scan for new packages after the store is initialized. |
Default Value | 0 s |
Allowed Values | A duration. Lower limit is 0 seconds. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
deployment-package-security-level (Advanced Property)
Property Group | Policy Security |
Description | Specifies how the PingAuthorize Server server verifies the integrity of a deployment package loaded from this Deployment Package Store. All deployment packages include a message digest that the PingAuthorize Server server uses to verify that the contents of a deployment package have not been altered. A deployment package may also be cryptographically signed. By default, this property is set to "unsigned", meaning that the PingAuthorize Server server will accept any deployment package with a valid digest but will not verify the deployment package's signature, if one is present. Configure this property to "signed" to additionally require that a deployment package was created by a trusted Policy Editor. If this property is set to "signed", then the following properties must also be configured:
|
Default Value | unsigned |
Allowed Values | unsigned - The deployment package signature will not be verified. signed - The deployment package must be signed and trusted. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
deployment-package-trust-store (Advanced Property)
Property Group | Policy Security |
Description | Specifies the trust manager provider containing the public signing key certificate used to verify a deployment package. This is only used if the value of the deployment-package-security-level property is "signed". The trust manager provider specified by this property must refer to a trust store containing the public signing key certificate used by the Policy Editor that created the deployment package. |
Default Value | None |
Allowed Values | The DN of any File Based Trust Manager Provider. Any trust manager provider assigned to the Deployment Package Store must be enabled. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
deployment-package-verification-key-nickname (Advanced Property)
Property Group | Policy Security |
Description | Specifies the nickname (also called the alias) of the public signing key certificate used to verify a deployment package. This is only used if the value of the deployment-package-security-level property is "signed". The value of this property must refer to the public signing key certificate included in the trust store designated by the deployment-package-trust-store property. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured Deployment Package Stores:
dsconfig list-deployment-package-stores [--property {propertyName}] ...
To view the configuration for an existing Deployment Package Store:
dsconfig get-deployment-package-store-prop --store-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Deployment Package Store:
dsconfig set-deployment-package-store-prop --store-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To delete an existing Deployment Package Store:
dsconfig delete-deployment-package-store --store-name {name}