--- title: Configuring the ping-auth plugin in Konnect description: After you've uploaded the ping-auth plugin's schema to Konnect, configure the plugin in Gateway Manager or use the Kong API. component: pingauthorize version: 10.1 page_id: pingauthorize:pingauthorize_integrations:paz_configuring_pingauth_plugin_konnect canonical_url: https://docs.pingidentity.com/pingauthorize/10.1/pingauthorize_integrations/paz_configuring_pingauth_plugin_konnect.html revdate: January 3, 2024 section_ids: configuring-the-plugin-using-the-gateway-manager-ui: Configuring the plugin using the Gateway Manager UI steps: Steps result: Result configuring-the-plugin-using-the-kong-api: Configuring the plugin using the Kong API steps-2: Steps result-2: Result: --- # Configuring the ping-auth plugin in Konnect After you've uploaded the `ping-auth` plugin's schema to Konnect, configure the plugin in Gateway Manager or use the Kong API. | | | | - | ----------------------------------------------------------------------------- | | | Test the operation of the `ping-auth` plugin before you use it in production. | ​ * Using the Gateway Manager UI * Using the Kong API ## Configuring the plugin using the Gateway Manager UI ### Steps 1. In Gateway Manager, open Plugins from the sidebar, then click New Plugin. 2. On the Custom Plugins tab, click the ping-auth plugin. 3. **Optional:** To enable the plugin for specific consumers, services, or routes, click Scoped, and then enter the Service, Route, and Consumer information. 4. In the Service Url field, enter the host name of your PingAuthorize server and the port of the HTTPS Connection Handler. To find this port number in the PingAuthorize administrative console, go to Configuration → System → Connection Handlers. For example, `https://pingauthorize:8443`. 5. In the Shared Secret field, enter the PingAuthorize sideband client's shared secret. 6. Verify that the Secret Header Name matches the secret header name configured for the Sideband API Servlet Extension in PingAuthorize. ![Screen capture of the Kong Konnect configure plugin screen with the "Secret Header Name" field highlighted](_images/ong1702680219153.png) 7. Configure the following additional fields: | Option | API Field Name | Description | | -------------------------- | ---------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Connection KeepAlive Ms | `connection_keepAlive_ms` | The duration to keep the connection alive for reuse. The default is `60000`. | | Connection Timeout Ms | `connection_timeout_ms` | The duration to wait before the connection times out. The default is `10000`. | | Enable Debug Logging | `enable_debug_logging` | Controls if the requests and responses are logged at the debug level. The default is `false`. For log messages to show in `error.log`, you must set `log_level = debug` in `kong.conf`. | | Verify Service Certificate | `verify_service_certificate` | Controls whether the service certificate is verified. This is intended for testing purposes and the default is `true`. | 8. Click Save. ### Result Kong Konnect is now configured to work with PingAuthorize. ## Configuring the plugin using the Kong API ### Steps 1. Send the following in a `POST` request to `https://{region}.api.konghq.com/konnect-api/api/runtime_groups/{controlPlaneId}/plugins`: ```json { "name": "ping-auth", "enabled": true, "config": { "enable_debug_logging": true, "verify_service_certificate": false, "secret_header_name": "", "service_url": "https://:", "shared_secret": "" } } ``` The following list describes the required fields for this API request: * `Service_url`: The full URL of the Ping policy provider. This should not contain `/sideband` in the path. * `Shared_secret`: The shared secret value to authenticate this plugin to the policy provider. * `Secret_header_name`: The header name in which the shared secret is provided. You can provide additional configuration in accordance with the Kong API specification. 2. Configure the optional fields: | Option | API Field Name | Description | | -------------------------- | ---------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Connection KeepAlive Ms | `connection_keepAlive_ms` | The duration to keep the connection alive for reuse. The default is `60000`. | | Connection Timeout Ms | `connection_timeout_ms` | The duration to wait before the connection times out. The default is `10000`. | | Enable Debug Logging | `enable_debug_logging` | Controls if the requests and responses are logged at the debug level. The default is `false`. For log messages to show in `error.log`, you must set `log_level = debug` in `kong.conf`. | | Verify Service Certificate | `verify_service_certificate` | Controls whether the service certificate is verified. This is intended for testing purposes and the default is `true`. | #### Result: Kong Konnect is configured to work with PingAuthorize.