Setting up Kong Gateway

Download, install, and configure the ping-auth plugin to set up Kong Gateway with PingAuthorize.

Steps

Install the plugin by running the luarocks install kong-plugin-ping-auth command.

Learn more in the Kong Gateway plugin installation guide.
After installation, load the plugin into Kong by editing the plugins = bundled,ping-auth property in the kong.conf file.
Restart Kong Gateway.
To confirm the plugin loads successfully, look for the debug-level Loading plugin: ping-auth message in Kong’s error.log file.

Use the Kong Gateway UI or the Kong Gateway API to complete Kong Gateway setup.

Kong Gateway UI
Kong Gateway API

Setting up Kong Gateway using the UI

Steps

In Kong Manager, select the default workspace, and then click Plugins.
Next to the ping-auth plugin, click Edit, and then click the toggle to enable the plugin.
(Optional) To enable the plugin for specific consumers, services, or routes, click Scoped, and then enter Service, Route, and Consumer information as needed.
Connect Kong Gateway to PingAuthorize.
1. In the Config.Service URL field in Kong Manager, enter the hostname of your PingAuthorize Server instance and the port of the HTTPS Connection Handler.
  
  For example, https://pingauthorize:8443.
  
  To find the HTTPS Connection Handler port number in the PingAuthorize administrative console, go to Configuration > System > Connection Handlers.
2. In the PingAuthorize administrative console, copy the PingAuthorize sideband client’s shared secret you created in Preparing PingAuthorize for Kong Gateway integration.
3. In the Config.Shared Secret field, paste the shared secret.
4. Make sure the Config.Secret Header Name value in Kong Manager matches the secret header name configured for the Sideband API Servlet Extension in PingAuthorize.

(Optional) Configure the rest of the optional fields in Kong Manager or the API.

Option API Field Name Description

Option	API Field Name	Description
Config.Connection KeepAlive Ms	`connection_keepAlive_ms`	The duration to keep the connection alive for reuse. The default is `60000`.
Config.Connection Timeout Ms	`connection_timeout_ms`	The duration to wait before the connection times out. The default is `10000`.
Config.Enable Debug Logging	`enable_debug_logging`	Controls if requests and responses are logged at the debug level. The default is `false`. For log messages to show in `error.log`, you must set `log_level = debug` in `kong.conf`.
Config.Verify Service Certificate	`verify_service_certificate`	Controls whether the service certificate is verified. This is intended for testing purposes and the default is `true`.

Config.Connection KeepAlive Ms

connection_keepAlive_ms

The duration to keep the connection alive for reuse. The default is 60000.

Config.Connection Timeout Ms

connection_timeout_ms

The duration to wait before the connection times out. The default is 10000.

Config.Enable Debug Logging

enable_debug_logging

Controls if requests and responses are logged at the debug level. The default is false. For log messages to show in error.log, you must set log_level = debug in kong.conf.

Config.Verify Service Certificate

verify_service_certificate

Controls whether the service certificate is verified. This is intended for testing purposes and the default is true.

Click Update, and then click Update Plugin.

Setting up Kong Gateway using the API

Steps

Include the following JSON object in a POST request to https://<KONG_URL>/plugins:
```
{
  "name": "ping-auth",
  "enabled": true,
  "config": {
    "service_url": "https://<PingAuthorize Server hostname>:<HTTPS Connection Handler port>/",
    "shared_secret": "<shared secret>",
    "secret_header_name": "<shared secret header name>"
  }
}
```
json
- service_url: The full URL of the Ping policy provider. This should not contain /sideband in the path.
- shared_secret: The shared secret value to authenticate this plugin to the policy provider.
- secret_header_name: The header name in which the shared secret is provided.
  
  You can provide additional configuration in accordance with the Kong API specification. Learn more in the Kong documentation.

(Optional) Configure the rest of the optional fields through the API.

Option API Field Name Description

Option	API Field Name	Description
Config.Connection KeepAlive Ms	`connection_keepAlive_ms`	The duration to keep the connection alive for reuse. The default is `60000`.
Config.Connection Timeout Ms	`connection_timeout_ms`	The duration to wait before the connection times out. The default is `10000`.
Config.Enable Debug Logging	`enable_debug_logging`	Controls if requests and responses are logged at the debug level. The default is `false`. For log messages to show in `error.log`, you must set `log_level = debug` in `kong.conf`.
Config.Verify Service Certificate	`verify_service_certificate`	Controls whether the service certificate is verified. This is intended for testing purposes and the default is `true`.

Config.Connection KeepAlive Ms

connection_keepAlive_ms

The duration to keep the connection alive for reuse. The default is 60000.

Config.Connection Timeout Ms

connection_timeout_ms

The duration to wait before the connection times out. The default is 10000.

Config.Enable Debug Logging

enable_debug_logging

Controls if requests and responses are logged at the debug level. The default is false. For log messages to show in error.log, you must set log_level = debug in kong.conf.

Config.Verify Service Certificate

verify_service_certificate

Controls whether the service certificate is verified. This is intended for testing purposes and the default is true.

Result

Kong Gateway is now configured to work with PingAuthorize.