PingAuthorize

Troubleshooting the Apigee integration

Troubleshoot the most common issues with the Apigee gateway integration with PingAuthorize.

Troubleshooting API client HTTP 5xx errors

About this task

Apigee might return HTTP 502 when there is misconfiguration or miscommunication between the PingAuth Shared Flow for Apigee and PingAuthorize Server.

To address 5xx errors, make adjustments to the Load KVM Config policy assigned to PingAuth in Apigee X or the key value map that you created for the PingAuth Shared Flow in Apigee Edge or Apigee Private Cloud.

The PingAuth Shared Flow for Apigee logs warning messages to the Apigee error log when it encounters problems communicating with PingAuthorize. For more information, see Enable logging in Apigee.

Steps

  • Check the PingAuth Shared Flow service_host_port value.

    If the Apigee service_host_port value does not match your PingAuthorize server environment, the Apigee error log message might indicate that the plugin received an invalid response from the server.

    1. Confirm that the value entered for service_host_port matches the host name of your PingAuthorize server and the port of the HTTPS connection handler.

      You can find this port number on the Configuration page of the PingAuthorize administration console by going to System → Connection Handlers.

    2. If necessary, update the service_host_port value to match your PingAuthorize server.

  • Check the PingAuth Shared Flow shared secret.

    If the shared secret doesn’t match the API gateway credential in PingAuthorize, the Apigee error log message might indicate that the plugin received an HTTP 401 error from PingAuthorize, which gets translated to a 5xx error and then sent to the API client.

    1. Confirm that the value of the shared_secret key that you created in Apigee matches the shared secret value that you created for PingAuthorize.

    2. If necessary, on the Configuration page of the PingAuthorize administration console, go to Web Services and Applications → HTTP Servlet Extensions → Sideband API and update the value of the shared secret.

    3. Copy the new value of the shared secret and update the value of the Apigee shared_secret key.

Troubleshooting API client HTTP 4xx errors

The Apigee API gateway might return a 4xx error to the API client if the API client’s request can’t be authenticated by the PingAuthorize sideband API endpoint.

To troubleshoot 4xx errors caused by authentication issues against the PingAuthorize sideband API, see Policy decision data.

Setting up error response handling in the target server

About this task

You should have an Apigee policy that handles errors returned by the target server.

If you don’t configure error handling using a policy, the API proxy goes into an error state in the <TargetEndpoint> response, and the normal API proxy flow won’t continue to the <ProxyEndpoint>.

Steps

  1. Go to API Proxies → httpbin_bad_response → Develop and create a new ReturnGenericError policy of type AssignMessage. Configure the policy as desired.

    Screen capture of the ReturnGenericError policy creation within Apigee
  2. Select the PreFlow option in the Target Endpoints for your API proxy. Add the error policy you just created as a <Step> in the <DefaultFaultRule>.

    There are multiple methods for adding the error handling policy.

    Screen capture of adding the ReturnGenericError policy as a step within the DefaultFaultRule for the API proxy in Apigee

Enable logging in Apigee

To view error log messages, configure Apigee error logging. For more information, see the Apigee Trace documentation.

Apigee also provides debug logging for further troubleshooting. For more information, see Enabling debug logging in the Apigee documentation.