Import and configure PingIntelligence policy

Complete the following steps to import PingIntelligence policy in F5:

Sign on to your F5 UI and navigate to Local Traffic > iRules > LX Workspaces.

In the Workspaces tab, click on Import.
A Workspace import page is displayed. Enter the Name and choose the PingIntelligence policy that you downloaded from Ping Identity download site. Click on Import.
Clicking on Import creates an LX Workspace

Open the Workspace by clicking on it. The policy is pre-loaded with extension named oi_ext. Edit the ASE configuration by clicking on ASEConfig.js file. It opens the PingIntelligence policy in the editor:

hsf1583225109423

The following table describes the ASE variables:

Variable Description

Variable	Description
`ase_primary`	IP address of primary ASE node
`ase_primary_port`	Port number of primary ASE node
`ase_secondary`	IP address of secondary ASE node
`ase_secondary_port`	Port number of secondary ASE node
`is_ase_ssl`	Set to `true` if traffic to ASE is sent over HTTPS
`ase_token`	The ASE sideband authentication token that was generated as part of prerequisites
`use_ca`	Set to `true` if ASE is using a CA-signed certificate
`include_paths`	Provide the list of paths that the policy should process. If `/` is provided as path, then all the traffic is monitored. The maximum number of subpaths in path is 3. For example, `/a/b/c/`.
`enable_auth`	Set to `true` if traffic contains access token in `authorization` header or `querystring`.
`is_access_token_in_header`	Set to `true` if access token is present in `authorization` header.
`access_token_variable`	If the access token is present in `querystring`, then specify the key used for token.
`authorization_header_prefix`	If the access token is present in `authorization` header, then specify the prefix used for access token.
`user_key_mapping`	The location of `username` in JSON payload of JWT access token.
`clientid_key_mapping`	The location of client ID in JSON payload of JWT access token

ase_primary

IP address of primary ASE node

ase_primary_port

Port number of primary ASE node

ase_secondary

IP address of secondary ASE node

ase_secondary_port

Port number of secondary ASE node

is_ase_ssl

Set to true if traffic to ASE is sent over HTTPS

ase_token

The ASE sideband authentication token that was generated as part of prerequisites

use_ca

Set to true if ASE is using a CA-signed certificate

include_paths

Provide the list of paths that the policy should process. If / is provided as path, then all the traffic is monitored. The maximum number of subpaths in path is 3. For example, /a/b/c/.

enable_auth

Set to true if traffic contains access token in authorization header or querystring.

is_access_token_in_header

Set to true if access token is present in authorization header.

access_token_variable

If the access token is present in querystring, then specify the key used for token.

authorization_header_prefix

If the access token is present in authorization header, then specify the prefix used for access token.

user_key_mapping

The location of username in JSON payload of JWT access token.

clientid_key_mapping

The location of client ID in JSON payload of JWT access token