PingAuthorize

Applying the custom MuleSoft policy for PingAuthorize

You must apply the deployed custom MuleSoft policy to use MuleSoft as an application programming interface (API) gateway with PingAuthorize.

About this task

The PingAuthorize policy supports HTTP APIs configured with the Endpoint with proxy or Basic Endpoint options.

Steps

  1. Sign on to your MuleSoft Anypoint account.

  2. Go to the API manager, expand the API to which you want to attach the PingAuthorize policy, and click Version.

    Screen capture of the Manage API screen in the MuleSoft API Manager with a callout highlighting the Version value
  3. In the left navigation pane, click Policies.

    The Policies page supports applying the PingAuthorize policy to the API.

    Screen capture of the PingAuthorizeAPI v1 - Settings window under the Policies tab (highlighted) in the MuleSoft API Manager
  4. Click Apply New Policy.

    Screen capture of the PingAuthorizeAPI v1 Policies window under the Policies tab with the Apply New Policy button highlighted in lower center of the screen

    Result:

    The Select Policy window opens.

  5. In the Select Policy window, select the PingAuthorize policy and current version. Click Configure Policy.

    Screen capture of the Select Policy page with the PingAuthorize policy highlighted
  6. On the Apply Policy page, enter the following values:

    1. In the PAZ Token field, enter the sideband adapter shared secret generated as part of the prerequisites in Deploying the custom MuleSoft policy for PingAuthorize.

    2. In the PAZ Host field, enter the PingAuthorize host and port.

      Do not include the connection scheme (http:// or https://).

    3. Select the Enable SSL check box for a secure HTTPS connection between MuleSoft and PingAuthorize.

    4. Select the Allow self-signed certificate check box to enable MuleSoft to accept a self-signed certificate from PingAuthorize.

      For information about configuring PingAuthorize to use trusted certificates, see Importing signed and trusted certificates.

    5. Select an access token type:

      Choose from:

      • Use Authorization Header: Indicates that the authorization header of an incoming request should be passed to PingAuthorize and used to authorize the client.

      • Use hard-coded parsed access token: Allows configuration of an access token that will be used for every request. Use this only for testing purposes.

      • Use parsed access token: Allows configuration of a DataWeave expression for retrieving a parsed access token from the Mule message. When you use MuleSoft’s OAuth 2.0 Token Enforcement policies to obtain a parsed access token, use the expression #[authentication.properties.userProperties]. For more information, see DataWeave Language.

    6. Optional: Configure the Connection Timeout and Read Timeout.

    Timeouts govern the behavior of the API gateway when it cannot connect to PingAuthorize or the response from PingAuthorize is delayed.

    +

    Timeout parameter Description

    Connection Timeout

    Governs the time the API gateway waits to establish a connection with PingAuthorize, following which it sends the client request to the backend server.

    Read Timeout

    Governs the time the API Gateway waits for PingAuthorize’s response before sending the request to the backend server.

    +

    The default value is 5000 milliseconds (5 seconds). It’s good practice to configure a small value to limit the delay in case PingAuthorize isn’t reachable or is unresponsive.

    1. Optional: Select the Enable debug logging check box to see requests sent to PingAuthorize Server along with responses.

    2. Optional: Configure Methods & Resource Conditions.

      See Resource-Level Policies for more information.

      Screen capture of the Apply PingAuthorize policy page with fields completed as directed in steps 6a-h and in the Apply button in the lower right

Next steps

If there are any changes to PingAuthorize endpoints, repeat the process explained in step 6 and re-deploy the configuration.