PingAuthorize

  1. Include the following JSON object in a POST request to https://<KONG_URL>/plugins:

    {
  "name": "ping-auth",
  "enabled": true,
  "config": {
    "service_url": "https://<PingAuthorize Server hostname>:<HTTPS Connection Handler port>/",
    "shared_secret": "<shared secret>",
    "secret_header_name": "<shared secret header name>"
  }
}

    • service_url: The hostname of your PingAuthorize Server instance and the port of the HTTPS Connection Handler. This URL shouldn’t contain /sideband in the path.

      For example, https://pingauthorize:8443.

    • shared_secret: The shared secret value you created in the PingAuthorize administrative console.

      The shared secret authenticates the ping-auth plugin to PingAuthorize. Version 1.2.0 of the plugin supports referenceable secrets. For security reasons, store the shared secret in a vault supported by Kong. Learn more in Secrets Management and Environment Variables Vault in the Kong documentation.

    • secret_header_name: The name of the header in which the shared secret is provided.

      Learn more in the Kong Gateway Admin API documentation.

  2. (Optional) Configure additional options.

    Option API Field Name Description

    Config.Connection KeepAlive Ms

    connection_keepAlive_ms

    The duration to keep the connection alive for reuse. The default is 60000.

    Config.Connection Timeout Ms

    connection_timeout_ms

    The duration to wait before the connection times out. The default is 10000.

    Config.Enable Debug Logging

    enable_debug_logging

    Controls if requests and responses are logged at the debug level. The default is false. For log messages to show in error.log, you must set log_level = debug in kong.conf.

    Config.Verify Service Certificate

    verify_service_certificate

    Controls whether the service certificate is verified. This is intended for testing purposes and the default is true.