Prerequisites

Complete the following prerequisites before deploying PingIntelligence policy on PingFederate:

Verify versions supported

The PingIntelligence policy is qualified with the following combination.
PingFederate Version JDK version Password Credential Validator (PCV)
PingFederate 9.3.3

Oracle JDK8.0.u261
OpenLDAP-2.4.44

Simple Username Password Credential Validator

PingFederate Version	JDK version	Password Credential Validator (PCV)
PingFederate 9.3.3	Oracle JDK8.0.u261	OpenLDAP-2.4.44 Simple Username Password Credential Validator

If you are using any other versions of PingFederate or JDK, or any other PingFederate supported PCV, contact the Ping Identity support team for deployment support.

Install PingIntelligence software

PingIntelligence software should be installed and configured. For more information on PingIntelligence deployment, see PingIntelligence automated deployment or PingIntelligence manual deployment.

Verify that API Security Enforcer (ASE) is in sideband mode

Check that ASE is in sideband mode by running the following ASE command.

/opt/pingidentity/ase/bin/cli.sh status
API Security Enforcer
status                  : started
 mode : sideband
http/ws                 : port 80
https/wss               : port 443
firewall                : enabled
abs                     : disabled, ssl: enabled
abs attack              : disabled
audit                   : enabled
sideband authentication : disabled
ase detected attack     : disabled
attack list memory      : configured 128.00 MB, used 25.61 MB, free 102.39 MB
google pubsub           : disabled
log level               : debug
timezone                : local (UTC)

If ASE is not in sideband mode, complete the following steps:

Stop ASE if it is running. For more information, see Start and stop ASE.
Navigate to /opt/pingidentity/ase/config/.
Edit the ase.conf file and set mode parameter to sideband.
Start ASE. For more information, see Start and stop ASE.

Enable sideband authentication

For a secure communication between PingFederate and ASE, enable sideband authentication by entering the following ASE command.
```
# ./bin/cli.sh enable_sideband_authentication -u admin –p
```
Generate sideband authentication token

A token is required for PingFederate to authenticate with ASE. To generate the token in ASE, enter the following command in the ASE command line. Save the generated authentication token for further use.
```
# ./bin/cli.sh -u admin -p admin create_sideband_token
```
Enable connection keepalive between PingFederate and ASE
1. Stop ASE if it is running. For more information, see Start and stop ASE.
2. Navigate to /opt/pingidentity/ase/config/.
3. Edit the ase.conf file and set enable_sideband_keepalive parameter totrue.
4. Start ASE. For more information, see Start and stop ASE.