Setting up Kong Gateway using the API
Before you begin
-
Install and start Kong Gateway. For more information, see the Kong Gateway documentation.
-
Install and start PingAccess. For more information, see Installing and Uninstalling PingAccess.
About this task
To configure the ping-auth
plugin in Kong to set up a connection between PingAccess and Kong Gateway:
Steps
-
Download and extract the
ping-auth
plugin for Kong Gateway from https://luarocks.org/modules/pingidentity/kong-plugin-ping-auth. -
Install the plugin by following the LuaRocks or Manual Installation steps in Kong’s installation guide.
-
To install using LuaRocks, run the command:
luarocks install kong-plugin-ping-auth
-
After installation, load the plugin into Kong by editing the following property in
kong.conf:
plugins = bundled,ping-auth
. -
To confirm loading, look for the debug-level message
Loading plugin: ping-auth
in Kong’serror.log
.
-
-
Send the following in a POST request to
https://<KONG_URL>/plugins
:{ "name": "ping-auth", "enabled": true, "config": { "service_url": "https://<PINGACCESS_URL>:3020/", "shared_secret": "<SHARED_SECRET>", "secret_header_name": "<HEADER_NAME>" } }
More information about the required fields are as follows:
service_url
-
The full URL of the Ping policy provider. This should not contain
/sideband…
in the path. shared_secret
-
The shared secret value to authenticate this plugin to the policy provider.
secret_header_name
-
The header name in which the shared secret is provided.
Additional configuration can be provided in accordance with the Kong API specification. For more information, see the Kong documentation.
Option API Field Name Description Config.Connection KeepAlive Ms
connection_keepAlive_ms
The duration to keep the connection alive for reuse. The default is
6000
.Config.Connection Timeout Ms
connection_timeout_ms
The duration to wait before the connection times out. The default is
10000
.Config.Enable Debug Logging
enable_debug_logging
Controls if requests and responses are logged at the debug level. The default is
false
. For log messages to show in theerror.log
, you must setlog_level = debug
inkong.conf
.Config.Verify Service Certificate
verify_service_certificate
Controls whether the service certificate is verified. This is intended for testing purposes and the default is
true
.