Kong API gateway integration
Ping Identity provides the ping-auth
Kong Gateway integration plugin, which enables PingAuthorize to be used for attribute-based access control and policy decisions.
Integration with Kong Gateway allows PingAuthorize to handle the complexities of attribute-based access control and dynamic authorization, making it easier for you to control access to your API resources. Instead of configuring policies multiple times, deploy the Kong Gateway integration once and manage your policy rules in PingAuthorize.
The following are important to consider when using the ping-auth
Kong Gateway integration plugin for PingAuthorize:
- Mutual TLS (mTLS)
-
This plugin supports client certificate authentication using mTLS. However, this feature requires using the
mtls-auth
plugin, only available in the enterprise edition of Kong, in conjunction withping-auth
. For more information, see the Kong mTLS documentation. When configured,mtls-auth
uses the mTLS process to retrieve the client certificate, which allowsping-auth
to provide the certificate in theclient_certificate
field of the sideband requests. - Transfer-encoding
-
Because of an outstanding defect in Kong,
ping-auth
is unable to support the Transfer-Encoding header, regardless of the value. - Logging limit
-
Because of OpenResty’s log level limit, log messages are limited to 2048 bytes by default, which is less than the size of many requests and responses. For more information, see the OpenResty reference documentation.