PingAuthorize

Preparing PingAuthorize for Kong Gateway integration

For Kong Gateway to use PingAuthorize as an external authorization policy runtime service, you must prepare PingAuthorize to receive authorization requests from Kong Gateway.

Before you begin

Steps

  1. In the PingAuthorize administrative console, go to Configuration > HTTP Servlet Extensions > Sideband API.

  2. In the Request Context Method list, select State.

  3. In the Shared Secret Header Name field, enter CLIENT-TOKEN.

  4. Next to the Selected table for Shared Secrets, click the icon to create a new shared secret.

    The shared secret authenticates the ping-auth plugin to PingAuthorize. Version 1.2.0 of the plugin supports referenceable secrets. For security reasons, store the shared secret in a vault supported by Kong. Learn more in Secrets Management and Environment Variables Vault in the Kong documentation.

  5. In the modal dialog, create a suitably long shared secret value, and then click Save To PingAuthorize Server Cluster.

  6. At the top of the Edit Sideband API HTTP Servlet Extension page, click Save.

    Screen capture of the Sideband API HTTP Servlet Extension window with settings configured as previously specified for Kong Gateway