PingAuthorize

Adding the PingAuthorize Shared Flow to Apigee

About this task

To install the PingAuth Shared Flow bundle in Apigee and configure it to integrate with PingAuthorize:

Steps

  1. Create a new bundle:

    Choose from:

    • For Apigee X, go to Develop → Shared Flows and click Upload Bundle.

    • For Apigee Edge and Apigee Private Cloud, click +Shared Flow and then click Upload Bundle.

  2. Upload the PingAuth Shared Flow bundle .zip file and name the shared flow PingAuth.

  3. Configure the connection to PingAuthorize:

    Choose from:

    • Apigee X

      Apigee X doesn’t support managing the configuration values stored in key value maps through the Apigee UI. You must add these configuration values to the key value map policy. The key value map is created and the configuration values are added the first time the PingAuth Shared Flow executes at runtime.

      1. Go to Develop → Shared Flows → PingAuth.

      2. On the Develop tab, select the latest revision in the Revisions list.

      3. In the Policies list, select the Load KVM Config policy.

      4. Remove the comment characters above and below the InitialEntries element in the policy editor panel.

      5. Edit the value for service_host_port to match the host name of your PingAuthorize server and the port of the HTTPS connection handler.

        For example, pingauthorize:8443.

        You can find the HTTPS connection handler port from the Configuration page of the PingAuthorize administrative console by going to System → Connection Handlers.

      6. Edit the value of shared_secret to match the value of the shared secret that you created in PingAuthorize.

      7. Click Save.

        Your finished configuration should look like this:

        Screen capture of the Apigee X key value map configuration for the PingAuth Shared Flow
    • Apigee Edge and Apigee Private Cloud

      Apigee Edge stores environment-specific configuration values in key value maps so that the same policies can be used across multiple deployment environments without any changes to the policies.

      1. Go to Environment → Key Value Maps and click +Key Value Map.

      2. Edit the key value map and click Add Entry.

      3. Use the key name service_host_port and set the value to match the host name of your PingAuthorize server and the port of the HTTPS connection handler. For example, pingauthorize:8443.

      4. Add a key called shared_secret and set the value to the shared secret that you created in PingAuthorize.

      5. Click Save.

        Your finished configuration should look like this:

        Screen capture of the Apigee Edge and Private Cloud key value map configuration for the PingAuth Shared Flow
  4. Optional: Configure HTTPS trust for PingAuthorize.

    By default, the PingAuth Shared Flow is configured to only trust the PingAuthorize HTTPS connection handler certificate if it is issued from a well-known certificate authority. To enable Apigee to trust specific HTTPS certificates from PingAuthorize servers:

    1. Go to Environment → TLS Keystores and click +Keystore.

    2. Give the keystore a name that helps you identify your PingAuthorize environment. For example, PingAuthorize-dev-truststore.

    3. Click the button to add a certificate. Enter a certificate alias and upload the certificate that is configured for the HTTPS connection handler in PingAuthorize. Click Save.

      Screen capture of the TLS keystores page in Apigee with a PingAuth keystore that contains the server certificate
    4. Go to Environment → References and click +Reference.

    5. Name the new reference PingAuthTrust. Select the keystore that you created previously, and then click Save.

      Screen capture of the Apigee References page after creating a PingAuthorize keystore reference called PingAuthTrust
    6. Go to Develop → Shared Flows → PingAuth.

    7. On the Develop tab, select the latest revision in the Revisions list.

    8. In the Policies list, select the Sideband Call policy.

    9. Remove the comment characters surrounding the TrustStore element in the policy editor panel, and then click Save.

      Screen capture of the Apigee Sideband Call policy with the PingAuthTrust keystore trust enabled
  5. Go to Develop → Shared Flows → PingAuth and deploy the most recent revision to your environment.