PingAuthorize

Configuring the plugin using the Kong API

Steps

  1. Send the following in a POST request to https://{region}.api.konghq.com/konnect-api/api/runtime_groups/{controlPlaneId}/plugins:

    {
"name": "ping-auth",
"enabled": true,
"config": {
"enable_debug_logging": true,
"verify_service_certificate": false,
"secret_header_name": "<shared secret header name>",
"service_url": "https://<PingAuthorize Server hostname>:<HTTPS Connection Handler port>",
"shared_secret": "<shared secret>"
  }
}

    The following list describes the required fields for this API request:

    • Service_url: The full URL of the Ping policy provider. This should not contain /sideband in the path.

    • Shared_secret: The shared secret value to authenticate this plugin to the policy provider.

    • Secret_header_name: The header name in which the shared secret is provided. You can provide additional configuration in accordance with the Kong API specification.

  2. Configure the optional fields:

    Option API Field Name Description

    Connection KeepAlive Ms

    connection_keepAlive_ms

    The duration to keep the connection alive for reuse. The default is 60000.

    Connection Timeout Ms

    connection_timeout_ms

    The duration to wait before the connection times out. The default is 10000.

    Enable Debug Logging

    enable_debug_logging

    Controls if the requests and responses are logged at the debug level. The default is false. For log messages to show in error.log, you must set log_level = debug in kong.conf.

    Verify Service Certificate

    verify_service_certificate

    Controls whether the service certificate is verified. This is intended for testing purposes and the default is true.

    Result:

    Kong Konnect is configured to work with PingAuthorize.