Skip to content

Ping Identity DevOps Docker Image - pingaccess

This docker image includes the Ping Identity PingAccess product binaries and associated hook scripts to create and run both PingAccess Admin and Engine nodes.

  • pingidentity/pingbase - Parent Image

    This image inherits, and can use, Environment Variables from pingidentity/pingbase

  • pingidentity/pingcommon - Common Ping files (i.e. hook scripts)
  • pingidentity/pingdownloader - Used to download product bits

Environment Variables

In addition to environment variables inherited from pingidentity/pingbase, the following environment ENV variables can be used with this image.

ENV Variable Default Description
SHIM ${SHIM}
IMAGE_VERSION ${IMAGE_VERSION}
IMAGE_GIT_REV ${IMAGE_GIT_REV}
PING_PRODUCT PingAccess Ping product name
LICENSE_DIR ${SERVER_ROOT_DIR}/conf License directory
LICENSE_FILE_NAME pingaccess.lic Name of license file
LICENSE_SHORT_NAME PA Short name used when retrieving license from License Server
LICENSE_VERSION ${LICENSE_VERSION} Version used when retrieving license from License Server
PA_ADMIN_PASSWORD ${INITIAL_ADMIN_PASSWORD}
OPERATIONAL_MODE STANDALONE
PA_ADMIN_PASSWORD_INITIAL 2Access Change non-default password at startup by including this and PING_IDENTITY_PASSWORD
STARTUP_COMMAND ${SERVER_ROOT_DIR}/bin/run.sh The command that the entrypoint will execute in the foreground to instantiate the container
TAIL_LOG_FILES ${SERVER_ROOT_DIR}/log/pingaccess.log Files tailed once container has started
PA_ADMIN_PORT 9000
JAVA_RAM_PERCENTAGE 60.0 Percentage of the container memory to allocate to PingAccess JVM DO NOT set to 100% or your JVM will exit with OutOfMemory errors and the container will terminate
FIPS_MODE_ON false Turns on FIPS mode (currently with the Bouncy Castle FIPS provider) set to exactly "true" lowercase to turn on set to anything else to turn off
PA_ENGINE_PORT 3000
PING_IDENTITY_PASSWORD ${PA_ADMIN_PASSWORD} Specify a password for administrator user for interaction with admin API

Ports Exposed

The following ports are exposed from the container. If a variable is used, then it may come from a parent container

  • ${PA_ADMIN_PORT}
  • ${PA_ENGINE_PORT}
  • ${HTTPS_PORT}

Running a PingAccess container

To run a PingAccess container:

  docker run \
           --name pingaccess \
           --publish 9000:9000 \
           --publish 443:1443 \
           --detach \
           --env SERVER_PROFILE_URL=https://github.com/pingidentity/pingidentity-server-profiles.git \
           --env SERVER_PROFILE_PATH=getting-started/pingaccess \
           --env PING_IDENTITY_ACCEPT_EULA=YES \
           --env PING_IDENTITY_DEVOPS_USER \
           --env PING_IDENTITY_DEVOPS_KEY \
           --tmpfs /run/secrets \
           pingidentity/pingaccess:edge

Follow Docker logs with:

docker logs -f pingaccess

If using the command above with the embedded server profile, log in with:

  • https://localhost:9000
  • Username: Administrator
  • Password: 2FederateM0re

Docker Container Hook Scripts

Please go here for details on all pingaccess hook scripts


This document is auto-generated from pingaccess/Dockerfile

Copyright © 2021 Ping Identity Corporation. All rights reserved.