Identity Gateway 2024.3

PingOneApiAccessManagementFilter

The PingOneApiAccessManagementFilter is available in Technology preview. It isn’t yet supported, may be functionally incomplete, and is subject to change without notice.

Use the PingOneApiAccessManagementFilter with PingOne’s API Access Management, where the PingOne API moderates requests and responses as follows:

  • Allows requests, optionally instructing IG to edit the requests.

  • Rejects requests, instructing IG on how to respond to the client, for example, with an HTTP 403 and a custom message.

  • Instructs IG to update responses from the backend. For example, the instructions can be to remove content from the response body or to add or remove headers.

The filter sends the following elements to the PingOne API for the request:

  • Client IP address

  • Client port

  • HTTP method used

  • URL targeted

  • HTTP version used

  • HTTP headers

  • HTTP content (when includeBody=true and the content is JSON)

The filter sends the following elements to the PingOne API for the response:

  • Original URL queried

  • Original method called

  • HTTP status code

  • HTTP status message

  • HTTP version

  • HTTP headers

  • HTTP content (when includeBody=true and the content is JSON)

Usage

{
  "name": string,
  "type": "PingOneApiAccessManagementFilter",
  "config": {
    "gatewayServiceUri": configuration expression<url>,
    "secretsProvider": SecretsProvider reference,
    "gatewayCredentialSecretId": configuration expression<secret-id>,
    "includeBody": configuration expression<boolean>,
    "sidebandHandler": Handler reference
  }
}

Configuration

"gatewayServiceUri": configuration expression<url>, required

The URL of the API gateway in the PingOne API.

To find the URL, go to your PingOne Authorize environment, select Authorization > API gateways, and note the value of the Service URL.

"secretsProvider": SecretsProvider reference, required

The SecretsProvider to query for the credential to access the PingOne API.

"gatewayCredentialSecretId": configuration expression<secret-id>, required

The secret ID of the PingOne API credential.

The secret ID must point to a GenericSecret in the secretsProvider.

To add the credential, go to your PingOne Authorize environment, select Authorization > API gateways, and select your gateway.

"includeBody": configuration expression<boolean>, optional

A flag to include the body of requests and responses sent from IG to the PingOne API.

IG includes the body only when the body is in JSON format.
Including the body in every request and response can impact the HTTP exchange latency.

Default: true

"sidebandHandler": Handler reference, optional

An HTTP client handler to use to contact the PingOne API.

The handler sends requests and responses to the Ping Sideband API. It then processes Ping Sideband API decisions to accept, reject, or rewrite requests and responses.

Default: ForgeRockClientHandler
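
The following pre-deployment check is an added example, not part of the product documentation. It walks a route, finds each PingOneApiAccessManagementFilter, and reports missing required properties and whether JSON bodies are forwarded to the PingOne API. The sample route, its object names, the gateway URI, and the secret ID are constructed for illustration.

```python
import json

FILTER_TYPE = "PingOneApiAccessManagementFilter"
REQUIRED = ("gatewayServiceUri", "secretsProvider", "gatewayCredentialSecretId")

# Constructed sample route: names, URI and secret ID are hypothetical.
SAMPLE_ROUTE = json.loads("""
{
  "name": "example-route",
  "handler": {"type": "Chain", "config": {
    "filters": [
      {"name": "aam-strict", "type": "PingOneApiAccessManagementFilter",
       "config": {"gatewayServiceUri": "https://gateway.example.com/service",
                  "secretsProvider": "ExampleSecretStore",
                  "gatewayCredentialSecretId": "example.gateway.credential",
                  "includeBody": false}},
      {"name": "aam-incomplete", "type": "PingOneApiAccessManagementFilter",
       "config": {"gatewayServiceUri": "https://gateway.example.com/service"}}
    ],
    "handler": "ReverseProxyHandler"
  }}
}
""")

def find_filters(node):
    """Yield every object declared with the filter's type, at any depth."""
    if isinstance(node, dict):
        if node.get("type") == FILTER_TYPE:
            yield node
        for value in node.values():
            yield from find_filters(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_filters(item)

def audit(route):
    """Report missing required properties and effective settings per filter."""
    report = {}
    for flt in find_filters(route):
        cfg = flt.get("config", {})
        report[flt.get("name", "<unnamed>")] = {
            "missing": [key for key in REQUIRED if key not in cfg],
            # Default is true; an unresolved expression is treated as true.
            "json_bodies_sent_to_pingone": cfg.get("includeBody", True) is not False,
            "sideband_handler": cfg.get("sidebandHandler", "ForgeRockClientHandler"),
        }
    return report

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_ROUTE), indent=2))
```

Headers, client address, and URL are sent to the PingOne API regardless of includeBody, so the check only distinguishes whether JSON bodies are added on top of that.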