PingIntelligence

Prerequisites

Complete the following prerequisites before deploying the PingIntelligence policy.

Confirm the versions- The PingIntelligence policy is validated only for the following versions of IBM APIC and DataPower:

  • IBM APIC v5.0.8.7

  • IBM DataPower Gateway 2018.4.10

Verify User permissions- To configure PingIntelligence policy, the user must have permissions to edit and publish APIs in the API Manager.

Install PingIntelligence software- PingIntelligence software should be installed and configured. For more information on PingIntelligence deployment, see PingIntelligence setup and PingIntelligence manual deployment.

Verify that ASE is in sideband mode-Check that ASE is in sideband mode by running the following ASE command.

/opt/pingidentity/ase/bin/cli.sh status
API Security Enforcer
status                  : started
mode                    : sideband
http/ws                 : port 80
https/wss               : port 443
firewall                : enabled
abs                     : enabled, ssl: enabled
abs attack              : disabled
audit                   : enabled
sideband authentication : disabled
ase detected attack     : disabled
attack list memory      : configured 128.00 MB, used 25.60 MB, free 102.40 MB

If ASE is not in sideband mode, then stop ASE and change the mode by editing the/opt/pingidentity/ase/config/ase.conf file. Set mode assideband and start ASE. For more information on starting ASE, see Start and stop ASE.

Enable sideband authentication- For a secure communication between IBM DataPower Gateway and ASE, enable sideband authentication by entering the following ASE command.

# ./bin/cli.sh enable_sideband_authentication -u admin –p

Ensure SSL is configured in ASE for client side connection using self-signed certificate. For more information on configuring self-signed certificate, see Configure SSL for external APIs.

Generate sideband authentication token- To generate the token in ASE, enter the following command in the ASE command line.

# ./bin/cli.sh -u admin -p admin create_sideband_token

Save the generated authentication token for further use. The token is required for IBM DataPower Gateway to authenticate with ASE. It is set as a runtime variable in ASE config set-variable policy. For more information, see Configure PingIntelligence policy components.