Prerequisites
Complete the following before configuring the Axway API Gateway:
-
Confirm the Axway version PingIntelligence 4.0 works with Axway 7.5.3 or later.
-
OAuth token store: If you wish to detect username based attacks, make sure that OAuth token store is configured in Axway.
-
Install PingIntelligence software
PingIntelligence should be installed and configured. Refer to the PingIntelligence deployment guide for your environment.
-
Verify that ASE is in sideband mode
Check that ASE is in sideband mode by running the following ASE command:
/opt/pingidentity/ase/bin/cli.sh status API Security Enforcer status : started mode : sideband http/ws : port 80 https/wss : port 443 firewall : enabled abs : enabled, ssl: enabled abs attack : disabled audit : enabled sideband authentication : disabled ase detected attack : disabled attack list memory : configured 128.00 MB, used 25.60 MB, free 102.40 MB
If ASE is not in
sidebandmode, then stop ASE and change the mode by editing the/opt/pingidentity/ase/config/ase.conffile. Setmodeassidebandand start ASE. -
Enable sideband authentication: For a secure communication between Axway and ASE, enable sideband authentication by entering the following ASE command:
# ./bin/cli.sh enable_sideband_authentication -u admin –p
-
Generate sideband authentication token
A token is required for Axway to authenticate with ASE. To generate the token in ASE, enter the following ASE command:
# ./bin/cli.sh -u admin -p admin create_sideband_token
Save the generated authentication token for further use.
-
Port for AAD
If you are using AAD to automate API definition updates on PingIntelligence, open the following ports:
-
Open the management port to fetch API definitions from Axway. The default port is 8075.
-
Open port 8010 in ASE for AAD to add API definitions.
-
To connect PingIntelligence ASE with Axway API Gateway, complete the following steps:
-
Import the Axway Policy in Axway Policy Studio
-
Deploy the Axway Policy
-
Import the APIs from the Management VM to Axway API Manager.