PingAccess

Setting up Kong Gateway

Download, install, and configure the ping-auth plugin to set up the Kong Gateway with PingAccess.

Before you begin

About this task

To configure the ping-auth plugin in Kong to set up a connection between PingAccess and Kong Gateway:

Steps

  1. Download and extract the ping-auth plugin for Kong Gateway from https://luarocks.org/modules/pingidentity/kong-plugin-ping-auth.

  2. Install the plugin by following the steps in Kong’s installation guide.

    1. To install using LuaRocks, run the command:

      luarocks install kong-plugin-ping-auth

    2. After installation, load the plugin into Kong by editing the following property in kong.conf: plugins = bundled,ping-auth.

    3. To confirm loading, look for the debug-level message Loading plugin: ping-auth in Kong’s error.log.

  3. In Kong Manager, click your default workspace and then click Plugins.

    Screen capture illustrating the Kong Manager UI on the Plugins page.

  4. For the ping-auth plugin, click Edit, and then click the toggle to enable the plugin.

    Screen capture that illustrates editing a plugin in Kong Manager. The toggle is blue to indicate it’s active, and the Global radio button is enabled.

  5. If you want to enable the plugin for specific consumers, services, or routes, click Scoped and then enter Service, Route, and Consumer information as needed.

  6. Connect Kong Gateway to PingAccess:

    1. Configure a sideband client in PingAccess and copy the shared secret.

      For more information, see Adding sideband clients.

    2. Enter the URL for PingAccess into the Config.Service URL field, making sure to use the sideband port specified in the run.properties file.

      The default port is 3020.

      Enable the configuration in the run.properties file in order for ping-auth to be able to communicate with PingAccess.
      Screen capture illustrating the Config.Service URL and Config.Shared Secret fields in Kong Manager. The Config.Verify Service Certificate is enabled.

    3. Paste the shared secret into the Config.Shared Secret field in Kong Manager.

    4. Update the Config.Secret Header Name in Kong Manager if this value was changed in PingAccess.

  7. If needed, configure the rest of the optional fields in Kong Manager or the API.

    Option API Field Name Description

    Config.Connection KeepAlive Ms

    connection_keepAlive_ms

    The duration to keep the connection alive for reuse. The default is 6000.

    Config.Connection Timeout Ms

    connection_timeout_ms

    The duration to wait before the connection times out. The default is 10000.

    Config.Enable Debug Logging

    enable_debug_logging

    Controls if requests and responses are logged at the debug level. The default is false. For log messages to show in the error.log, you must set log_level = debug in kong.conf.

    Config.Verify Service Certificate

    verify_service_certificate

    Controls whether the service certificate is verified. This is intended for testing purposes and the default is true.

  8. Click Update and then click Update Plugin.

    Result:

    Kong Gateway is now configured to work with PingAccess.