Configuring PingAccess for Apigee integration
Before Apigee can use PingAccess as an external authorization policy runtime service, you must prepare PingAccess to receive authorization requests from Apigee.
Steps
-
Enable the Sideband service:
-
Edit the
<PA Home>/conf/run.properties
file and setsideband.http.enabled=true
. -
(Optional) By default, PingAccess listens for sideband clients on port 3020. You can choose a different port by editing the value of the
sideband.http.port
property.Learn more in Port requirements and Configuration file reference.
-
Restart PingAccess.
-
-
Add a sideband client for Apigee:
-
Go to Applications > Sideband Clients and click Add Sideband Client.
-
Give the client a name that helps you identify the Apigee environment, such as
Apigee-dev
. -
Click Add Secret.
-
Keep the header name of
CLIENT-TOKEN
unchanged, and copy the shared secret value.You’ll need the shared secret value during the Apigee configuration.
-
Click Save.
-
-
(Optional) Download the sideband listener HTTPS certificate.
By default, the PingAuth shared flow is configured to trust the PingAccess Sideband Listener HTTPS certificates only if they’re issued from a well-known certificate authority (CA). To trust specific HTTPS certificates for PingAccess servers:
-
Go to Security > Key Pairs.
-
Click the Pencil icon next to the key pair labeled SIDEBAND.
-
Click Download Certificate and save the public key certificate.
You’ll need the public key certificate during the Apigee configuration.
-