Configuring PingAccess for Apigee integration
About this task
Before Apigee can use PingAccess as an external authorization policy runtime service, you must prepare PingAccess to receive authorization requests from Apigee.
Steps
- Enable the Sideband service:
  - Edit the PA Home/conf/run.properties file and set sideband.http.enabled=true.
  - Optional: By default, PingAccess will listen for sideband clients on port 3020. You can choose a different port by editing the value of the sideband.http.port property.
  - Restart PingAccess.
- Add a sideband client for Apigee:
  - Go to Applications → Sideband Clients and click +Add Sideband Client.
  - Give the client a name that helps you identify the Apigee environment, such as Apigee-dev.
  - Click +Add Secret.
  - Keep the header name of CLIENT-TOKEN unchanged, and copy the shared secret value. You will need this during the Apigee configuration.
  - Click Save.
- Optional: Download the sideband listener HTTPS certificate.
  By default, the PingAuth shared flow is configured to only trust the PingAccess Sideband Listener HTTPS certificate if it is issued from a well-known certificate authority (CA). To trust specific HTTPS certificates for PingAccess servers:
  - Go to Security → Key Pairs.
  - Click the pencil icon next to the key pair labeled SIDEBAND.
  - Click Download Certificate and save the public key certificate. You will need this during the Apigee configuration.
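A check for the first step, added here as an example and not taken from the PingAccess documentation: it reads run.properties and reports whether the sideband listener is enabled and on which port. It assumes the file follows Java properties syntax (the last occurrence of a key wins) and that sideband.http.enabled is false when absent; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Ping Identity code. Assumes Java-properties syntax.

# prop_value FILE KEY DEFAULT: print the last uncommented value of KEY,
# or DEFAULT when KEY does not appear in FILE.
prop_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*[#!]/ { next }              # comment line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1)
            sub(/[ \t]+$/, "", k)
            if (k != key) next
            v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)  # trim spaces and a CR
            val = v; found = 1              # later lines override earlier
        }
        END { if (found) print val; else print def }
    ' "$1"
}

# check_sideband FILE: print the effective sideband port and return 0 when
# the listener is enabled; return 1 if disabled, 2 if the port is invalid.
check_sideband() {
    enabled=$(prop_value "$1" sideband.http.enabled false)  # assumed default
    port=$(prop_value "$1" sideband.http.port 3020)         # default per page
    if [ "$enabled" != "true" ]; then
        echo "sideband disabled: sideband.http.enabled=$enabled" >&2
        return 1
    fi
    case $port in
        ''|*[!0-9]*) echo "invalid sideband.http.port: $port" >&2; return 2 ;;
    esac
    echo "$port"
}

# Constructed sample input, not a real PingAccess configuration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sideband.http.enabled=true
sideband.http.enabled=false
sideband.http.enabled = true
sideband.http.port=3021
EOF
check_sideband "$sample"
rm -f "$sample"
```

Run check_sideband against your own run.properties after editing it and before restarting PingAccess; a commented-out or overridden sideband.http.enabled line is the case it is meant to catch.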