Policy External Server
Policy External Servers are used to specify connections to external policy decision point servers and to select the policies that will be used to authorize requests.
Parent Component
The Policy External Server component inherits from the HTTP External Server.
Relations to This Component
The following components have a direct aggregation relation to Policy External Servers:
Properties
The properties supported by this managed object are as follows:
Basic Properties
description
Description
| A description for this External Server
|
Default Value
| None
|
Allowed Values
| A string
|
Multi-Valued
| No
|
Required
| No
|
Admin Action Required
| None. Modification requires no further action
|
base-url
Description
| The base URL of the external server, optionally including port number, for example "https://externalService:9031".
|
Default Value
| None
|
Allowed Values
| An absolute URL, or a relative URL
|
Multi-Valued
| No
|
Required
| Yes
|
Admin Action Required
| None. Modification requires no further action
|
hostname-verification-method
Description
| The mechanism for checking if the hostname of the HTTP External Server matches the name(s) stored inside the server's X.509 certificate. This is only applicable if SSL is being used for connection security.
|
Default Value
| strict
|
Allowed Values
| allow-all - This mechanism turns hostname verification off.
| strict - This mechanism works the same way as the Java Runtime Environment. It is also compliant with RFC 2818 for dealing with wildcards. The hostname must match any of the Subject Alternative Names or the first CN. A wildcard can occur in the CN, and in any of the Subject Alternative Names. A wildcard such as "*.foo.com" matches only subdomains in the same level, for example "a.foo.com". It does not match deeper subdomains such as "a.b.foo.com".
|
Multi-Valued
| No
|
Required
| No
|
Admin Action Required
| For changes to this setting to take effect, the Policy External Server must be restarted, either by disabling and re-enabling it or by restarting the server.
|
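The strict matching rule described for hostname-verification-method, modeled in Python as an added example (not the product's own code). The function names and certificate contents are assumptions made for illustration, and the sketch accepts a wildcard only as the whole leftmost label.

```python
def name_matches(cert_name: str, hostname: str) -> bool:
    """Compare one certificate name with the requested hostname, label by label."""
    pattern = cert_name.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so "*.foo.com" can never match
    # "a.b.foo.com": the label counts differ.
    if len(pattern) != len(host) or not all(host):
        return False
    for i, (p, h) in enumerate(zip(pattern, host)):
        # Assumption of this sketch: only a whole leftmost label may be "*".
        if p == "*" and i == 0:
            continue
        if p != h:
            return False
    return True


def verify_hostname(method, hostname, subject_alt_names, common_names):
    """Model the two allowed values of hostname-verification-method."""
    if method == "allow-all":
        return True  # verification is off: any certificate name is accepted
    if method != "strict":
        raise ValueError(f"unknown method: {method}")
    # strict: any Subject Alternative Name, or the first CN only.
    candidates = list(subject_alt_names) + list(common_names[:1])
    return any(name_matches(name, hostname) for name in candidates)


if __name__ == "__main__":
    # Constructed certificate contents, using the names from the description.
    sans, cns = ["*.foo.com"], ["foo.com", "a.b.foo.com"]
    for host in ("a.foo.com", "a.b.foo.com", "foo.com"):
        print(host, verify_hostname("strict", host, sans, cns),
              verify_hostname("allow-all", host, sans, cns))
```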
key-manager-provider
Description
| The key manager provider to use if SSL (HTTPS) is to be used for connection-level security. When specifying a value for this property (except when using the Null key manager provider) you must ensure that the external server trusts this server's public certificate by adding this server's public certificate to the external server's trust store.
|
Default Value
| The Java Runtime Environment's default key manager will be used
|
Allowed Values
| The DN of any Key Manager Provider. The associated key manager provider must exist and must be enabled if SSL is to be used.
|
Multi-Valued
| No
|
Required
| No
|
Admin Action Required
| For changes to this setting to take effect, the Policy External Server must be restarted, either by disabling and re-enabling it or by restarting the server.
|
trust-manager-provider
Description
| The trust manager provider to use if SSL (HTTPS) is to be used for connection-level security.
|
Default Value
| The Java Runtime Environment's default trust manager will be used
|
Allowed Values
| The DN of any Trust Manager Provider. The associated trust manager provider must exist and must be enabled if SSL is to be used.
|
Multi-Valued
| No
|
Required
| No
|
Admin Action Required
| For changes to this setting to take effect, the Policy External Server must be restarted, either by disabling and re-enabling it or by restarting the server.
|
ssl-cert-nickname
Description
| The certificate alias within the keystore to use if SSL (HTTPS) is to be used for connection-level security. When specifying a value for this property you must ensure that the external server trusts this server's public certificate by adding this server's public certificate to the external server's trust store.
|
Default Value
| A certificate will be chosen from the key manager arbitrarily.
|
Allowed Values
| A string
|
Multi-Valued
| No
|
Required
| No
|
Admin Action Required
| None. Modification requires no further action
|
user-id
Description
| Specifies the user ID to authenticate calls to the policy server's governance engine API. This value is used to populate the username field of the Authorization header as well as the user-id header for calls to the policy server's governance engine API.
|
Default Value
| DataGovernance
|
Allowed Values
| A string
|
Multi-Valued
| No
|
Required
| Yes
|
Admin Action Required
| None. Modification requires no further action
|
shared-secret
Description
| Specifies the shared secret to authenticate calls to the policy server's governance engine API. This value is used to populate the password field of the Authorization header for calls to the policy server's governance engine API.
|
Default Value
| None
|
Allowed Values
| A string
|
Multi-Valued
| No
|
Required
| Yes
|
Admin Action Required
| None. Modification requires no further action
|
decision-node
Description
| Specifies the ID of the policy tree node that will act as the root node for policy evaluation. This value is used to populate the decision-node query parameter for calls to the policy server's governance engine API.
|
Default Value
| If no value is defined, the decision-node query parameter is not populated.
|
Allowed Values
| A string
|
Multi-Valued
| No
|
Required
| No
|
Admin Action Required
| None. Modification requires no further action
|
branch
Description
| Specifies the name of the policy branch to use for policy evaluation. This value is used to populate the branch query parameter for calls to the policy server's governance engine API.
|
Default Value
| If no value is defined, the branch query parameter is not populated.
|
Allowed Values
| A string
|
Multi-Valued
| No
|
Required
| No
|
Admin Action Required
| None. Modification requires no further action
|
snapshot
Description
| Specifies the ID of a specific commit to use for policy evaluation. This value is used to populate the snapshot query parameter for calls to the policy server's governance engine API.
|
Default Value
| If no value is defined, the snapshot query parameter is not populated.
|
Allowed Values
| A string
|
Multi-Valued
| No
|
Required
| No
|
Admin Action Required
| None. Modification requires no further action
|
Advanced Properties
connect-timeout (Advanced Property)
Description
| Specifies the maximum length of time to wait for a connection to be established before aborting a request to the server. A value of zero seconds indicates that no connect timeout should be enforced, although the network stack of the underlying operating system may enforce a limit.
|
Default Value
| 30 seconds
|
Allowed Values
| A duration. Lower limit is 0 milliseconds. Upper limit is 2147483647 milliseconds.
|
Multi-Valued
| No
|
Required
| No
|
Admin Action Required
| None. Modification requires no further action
|
response-timeout (Advanced Property)
Description
| Specifies the maximum length of time to wait for response data to be read from an established connection before aborting a request to the server. A value of zero seconds indicates that no response timeout should be enforced, although the network stack of the underlying operating system may enforce a limit.
|
Default Value
| 30 seconds
|
Allowed Values
| A duration. Lower limit is 0 milliseconds. Upper limit is 2147483647 milliseconds.
|
Multi-Valued
| No
|
Required
| No
|
Admin Action Required
| None. Modification requires no further action
|
dsconfig Usage
To list the configured External Servers:
dsconfig list-external-servers
  [--property {propertyName}] ...
To view the configuration for an existing External Server:
dsconfig get-external-server-prop
  --server-name {name}
  [--tab-delimited]
  [--script-friendly]
  [--property {propertyName}] ...
To update the configuration for an existing External Server:
dsconfig set-external-server-prop
  --server-name {name}
  (--set|--add|--remove) {propertyName}:{propertyValue}
  [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Policy External Server:
dsconfig create-external-server
  --server-name {name}
  --set base-url:{propertyValue}
  --set shared-secret:{propertyValue}
  [--set {propertyName}:{propertyValue}] ...
To delete an existing External Server:
dsconfig delete-external-server
  --server-name {name}
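A review aid for the settings documented above, written as an added example (not part of the product or its tooling): it reads dsconfig command lines in the form shown in this usage section and reports property values that weaken the connection to the policy server. The server names, sample lines and finding texts are constructed for illustration.

```python
import re
import shlex

# Constructed sample: dsconfig commands in the form shown in the usage section.
SAMPLE = '''
dsconfig set-external-server-prop --server-name pdp-prod --set base-url:https://externalService:9031 --set hostname-verification-method:strict
dsconfig set-external-server-prop --server-name pdp-test --set hostname-verification-method:allow-all --set "connect-timeout:0 seconds"
dsconfig set-external-server-prop --server-name pdp-lab --set base-url:http://externalService:9031 --set "response-timeout:30 seconds"
'''


def parse_sets(line):
    """Return (server name, {property: value}) for one dsconfig command line."""
    tokens = shlex.split(line)
    name, props = None, {}
    for flag, value in zip(tokens, tokens[1:]):
        if flag == "--server-name":
            name = value
        elif flag == "--set":
            prop, _, val = value.partition(":")  # split at the first colon only
            props[prop] = val
    return name, props


def audit(text):
    """Return sorted (server, finding) pairs for settings worth a second look."""
    findings = []
    for line in text.splitlines():
        if "external-server" not in line:
            continue
        name, props = parse_sets(line)
        if props.get("hostname-verification-method") == "allow-all":
            findings.append((name, "hostname verification is turned off"))
        if props.get("base-url", "").lower().startswith("http://"):
            findings.append((name, "base-url is http://, so the Authorization header is sent without TLS"))
        for prop in ("connect-timeout", "response-timeout"):
            m = re.match(r"\s*(\d+)", props.get(prop, ""))
            if m and int(m.group(1)) == 0:
                findings.append((name, f"{prop} is zero, so no timeout is enforced"))
    return sorted(findings)


if __name__ == "__main__":
    for server, finding in audit(SAMPLE):
        print(f"{server}: {finding}")
```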