PingAccess

Setting up Kong Gateway using the API

Before you begin

About this task

To configure the ping-auth plugin in Kong to set up a connection between PingAccess and Kong Gateway:

Steps

  1. Download and extract the ping-auth plugin for Kong Gateway from https://luarocks.org/modules/pingidentity/kong-plugin-ping-auth.

  2. Install the plugin by following the steps in Kong’s installation guide.

    1. To install using LuaRocks, run the command:

      luarocks install kong-plugin-ping-auth
    2. After installation, load the plugin into Kong by editing the following property in kong.conf: plugins = bundled,ping-auth.

    3. To confirm loading, look for the debug-level message Loading plugin: ping-auth in Kong’s error.log.

  3. Send the following in a POST request to https://<KONG_URL>/plugins:

    {
        "name": "ping-auth",
        "enabled": true,
        "config": {
            "service_url": "https://<PINGACCESS_URL>:3020/",
            "shared_secret": "<SHARED_SECRET>",
            "secret_header_name": "<HEADER_NAME>"
        }
    }

    More information about the required fields is as follows:

    service_url

    The full URL of the Ping policy provider. This should not contain /sideband…​ in the path.

    shared_secret

    The shared secret value to authenticate this plugin to the policy provider.

    secret_header_name

    The header name in which the shared secret is provided.

    Additional configuration can be provided in accordance with the Kong API specification. For more information, see the Kong documentation (.konghq.com/gateway/2.8.x/admin-api/).

    | Option | API Field Name | Description |
    | --- | --- | --- |
    | Config.Connection KeepAlive Ms | connection_keepAlive_ms | The duration to keep the connection alive for reuse. The default is 6000. |
    | Config.Connection Timeout Ms | connection_timeout_ms | The duration to wait before the connection times out. The default is 10000. |
    | Config.Enable Debug Logging | enable_debug_logging | Controls whether requests and responses are logged at the debug level. The default is false. For log messages to show in the error.log, you must set log_level = debug in kong.conf. |
    | Config.Verify Service Certificate | verify_service_certificate | Controls whether the service certificate is verified. Setting this to false is intended for testing purposes. The default is true. |
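The following is an added example, not code from Ping Identity or Kong: a pre-flight check that builds the step 3 request body and rejects values the field descriptions above warn against before anything is sent to the Admin API. The environment variable names and the https-only rule for service_url are assumptions of this example.

```python
import json
import os
import re
import urllib.request
from urllib.parse import urlsplit

# Characters allowed in an HTTP header field name (RFC 7230 token).
_TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")

def build_ping_auth_payload(service_url, shared_secret, secret_header_name, **optional):
    """Return the JSON body for POST /plugins; raise ValueError on a risky value."""
    parts = urlsplit(service_url)
    # Assumption of this example: the shared secret only travels over TLS.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("service_url must be a full https:// URL")
    if "/sideband" in parts.path:
        raise ValueError("service_url must not contain /sideband in the path")
    if not shared_secret:
        raise ValueError("shared_secret is empty")
    if not _TOKEN.match(secret_header_name):
        raise ValueError("secret_header_name is not a valid HTTP header name")
    # The default is true; false is documented as a testing-only setting.
    if optional.get("verify_service_certificate", True) is not True:
        raise ValueError("verify_service_certificate=false is for testing only")
    config = {"service_url": service_url, "shared_secret": shared_secret,
              "secret_header_name": secret_header_name, **optional}
    return json.dumps({"name": "ping-auth", "enabled": True, "config": config})

def plugin_request(kong_url, body):
    """Build (but do not send) the Admin API request described in step 3."""
    return urllib.request.Request(
        f"https://{kong_url}/plugins", data=body.encode(), method="POST",
        headers={"Content-Type": "application/json"})

if __name__ == "__main__":
    # Hypothetical variable names; the secret is read from the environment
    # so it does not end up in a script or in shell history.
    body = build_ping_auth_payload(
        os.environ["PING_SERVICE_URL"], os.environ["PING_SHARED_SECRET"],
        os.environ["PING_SECRET_HEADER"])
    with urllib.request.urlopen(plugin_request(os.environ["KONG_URL"], body)) as resp:
        print(resp.status)  # Kong answers 201 when the plugin entry is created
```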