PingAuthorize Server Documentation Index
Configuration Reference Home

Azure Deployment Package Store

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

An Azure Deployment Package Store represents a location in Azure blob storage from which deployment packages may be imported.

Parent Component
Properties
dsconfig Usage

Parent Component

The Azure Deployment Package Store component inherits from the Deployment Package Store

Properties

The properties supported by this managed object are as follows:


General Configuration Basic Properties: Advanced Properties:
↓ poll-interval  None
↓ azure-blob-connection-string
↓ azure-blob-container
↓ azure-blob-prefix
Policy Security Basic Properties: Advanced Properties:
 None ↓ deployment-package-security-level
↓ deployment-package-trust-store
↓ deployment-package-verification-key-nickname

Basic Properties

poll-interval

Property Group
General Configuration
Description
Specifies how often the PingAuthorize Server server scans the Deployment Package Store for new deployment packages. If the value of poll-interval is 0, then the server will not scan for new packages after the store is initialized.
Default Value
0 s
Allowed Values
A duration. Lower limit is 0 seconds.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

azure-blob-connection-string

Property Group
General Configuration
Description
The connection string for the Azure storage account.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

azure-blob-container

Property Group
General Configuration
Description
The Azure storage container containing the deployment packages.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

azure-blob-prefix

Property Group
General Configuration
Description
A prefix used for naming the deployment packages within Azure.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action


Advanced Properties

deployment-package-security-level (Advanced Property)

Property Group
Policy Security
Description
Specifies how the PingAuthorize Server server verifies the integrity of a deployment package loaded from this Deployment Package Store. All deployment packages include a message digest that the PingAuthorize Server server uses to verify that the contents of a deployment package have not been altered. A deployment package may also be cryptographically signed.

By default, this property is set to "unsigned", meaning that the PingAuthorize Server server will accept any deployment package with a valid digest but will not verify the deployment package's signature, if one is present.

Configure this property to "signed" to additionally require that a deployment package was created by a trusted Policy Editor. If this property is set to "signed", then the following properties must also be configured:

  1. deployment-package-trust-store
  2. deployment-package-verification-key
If the deployment package fails either the digest or signature check, then the PingAuthorize Server server will reject the configuration change and continue to use the current configuration.
Default Value
unsigned
Allowed Values
unsigned - The deployment package signature will not be verified.

signed - The deployment package must be signed and trusted.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

deployment-package-trust-store (Advanced Property)

Property Group
Policy Security
Description
Specifies the trust manager provider containing the public signing key certificate used to verify a deployment package. This is only used if the value of the deployment-package-security-level property is "signed". The trust manager provider specified by this property must refer to a trust store containing the public signing key certificate used by the Policy Editor that created the deployment package.
Default Value
None
Allowed Values
The DN of any File Based Trust Manager Provider. Any trust manager provider assigned to the Deployment Package Store must be enabled.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

deployment-package-verification-key-nickname (Advanced Property)

Property Group
Policy Security
Description
Specifies the nickname (also called the alias) of the public signing key certificate used to verify a deployment package. This is only used if the value of the deployment-package-security-level property is "signed". The value of this property must refer to the public signing key certificate included in the trust store designated by the deployment-package-trust-store property.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Deployment Package Stores:

dsconfig list-deployment-package-stores
     [--property {propertyName}] ...

To view the configuration for an existing Deployment Package Store:

dsconfig get-deployment-package-store-prop
     --store-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Deployment Package Store:

dsconfig set-deployment-package-store-prop
     --store-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Azure Deployment Package Store:

dsconfig create-deployment-package-store
     --store-name {name}
     --type azure
     --set azure-blob-connection-string:{propertyValue}
     --set azure-blob-container:{propertyValue}
     --set azure-blob-prefix:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Deployment Package Store:

dsconfig delete-deployment-package-store
     --store-name {name}