PingIntelligence

Prerequisites

Complete the following prerequisites before deploying PingIntelligence policy on PingFederate:

  • Verify versions supported

    The PingIntelligence policy is qualified with the following combination.

    PingFederate Version JDK version Password Credential Validator (PCV)

    PingFederate 9.3.3

    Oracle JDK8.0.u261

    • OpenLDAP-2.4.44

    • Simple Username Password Credential Validator

If you are using any other versions of PingFederate or JDK, or any other PingFederate supported PCV, contact the Ping Identity support team for deployment support.

  • Install PingIntelligence software

    PingIntelligence software should be installed and configured. For more information on PingIntelligence deployment, see PingIntelligence automated deployment or PingIntelligence manual deployment.

  • Verify that API Security Enforcer (ASE) is in sideband mode

    Check that ASE is in sideband mode by running the following ASE command.

    /opt/pingidentity/ase/bin/cli.sh status
    API Security Enforcer
    status                  : started
     mode : sideband
    http/ws                 : port 80
    https/wss               : port 443
    firewall                : enabled
    abs                     : disabled, ssl: enabled
    abs attack              : disabled
    audit                   : enabled
    sideband authentication : disabled
    ase detected attack     : disabled
    attack list memory      : configured 128.00 MB, used 25.61 MB, free 102.39 MB
    google pubsub           : disabled
    log level               : debug
    timezone                : local (UTC)

    If ASE is not in sideband mode, complete the following steps:

    1. Stop ASE if it is running. For more information, see Start and stop ASE.

    2. Navigate to /opt/pingidentity/ase/config/.

    3. Edit the ase.conf file and set mode parameter to sideband.

    4. Start ASE. For more information, see Start and stop ASE.

  • Enable sideband authentication

    For a secure communication between PingFederate and ASE, enable sideband authentication by entering the following ASE command.

    # ./bin/cli.sh enable_sideband_authentication -u admin –p
  • Generate sideband authentication token

    A token is required for PingFederate to authenticate with ASE. To generate the token in ASE, enter the following command in the ASE command line. Save the generated authentication token for further use.

    # ./bin/cli.sh -u admin -p admin create_sideband_token
  • Enable connection keepalive between PingFederate and ASE

    1. Stop ASE if it is running. For more information, see Start and stop ASE.

    2. Navigate to /opt/pingidentity/ase/config/.

    3. Edit the ase.conf file and set enable_sideband_keepalive parameter totrue.

    4. Start ASE. For more information, see Start and stop ASE.