PingAuthorize

Kong API gateway integration

Ping Identity provides the ping-auth Kong Gateway integration plugin, which enables PingAuthorize to be used for attribute-based access control and policy decisions.

Integration with Kong Gateway allows PingAuthorize to handle the complexities of attribute-based access control and dynamic authorization, making it easier for you to control access to your application programming interface (API) resources. Instead of configuring policies multiple times, deploy the Kong Gateway integration once and manage your policy rules in PingAuthorize.

The following are important to consider when using the ping-auth Kong Gateway integration plugin for PingAuthorize:

Mutual TLS (mTLS)

This plugin supports client certificate authentication using mTLS. However, this feature requires using the mtls-auth plugin, only available in the enterprise edition of Kong, in conjunction with ping-auth. For more information, see the Kong mTLS documentation. When configured, mtls-auth uses the mTLS process to retrieve the client certificate, which allows ping-auth to provide the certificate in the client_certificate field of the sideband requests.

Transfer-encoding

Because of an outstanding defect in Kong, ping-auth is unable to support the Transfer-Encoding header, regardless of the value.

Logging limit

Because of OpenResty’s log level limit, log messages are limited to 2048 bytes by default, which is less than the size of many requests and responses. For more information, see the OpenResty reference documentation.