PingAccess

Configuring PingAccess for Apigee integration

Before Apigee can use PingAccess as an external authorization policy runtime service, you must prepare PingAccess to receive authorization requests from Apigee.

Steps

  1. Enable the Sideband service:

    1. Edit the <PA Home>/conf/run.properties file and set sideband.http.enabled=true.

    2. (Optional) By default, PingAccess listens for sideband clients on port 3020. You can choose a different port by editing the value of the sideband.http.port property.

    3. Restart PingAccess.

  2. Add a sideband client for Apigee:

    1. Go to Applications > Sideband Clients and click Add Sideband Client.

    2. Give the client a name that helps you identify the Apigee environment, such as Apigee-dev.

    3. Click Add Secret.

    4. Keep the header name of CLIENT-TOKEN unchanged, and copy the shared secret value.

      You’ll need the shared secret value during the Apigee configuration.

    5. Click Save.

  3. (Optional) Download the sideband listener HTTPS certificate.

    By default, the PingAuth shared flow is configured to trust the PingAccess Sideband Listener HTTPS certificates only if they’re issued from a well-known certificate authority (CA). To trust specific HTTPS certificates for PingAccess servers:

    1. Go to Security > Key Pairs.

    2. Click the Pencil icon next to the key pair labeled SIDEBAND.

    3. Click Download Certificate and save the public key certificate.

      You’ll need the public key certificate during the Apigee configuration.