PingIntelligence

Prerequisites

Complete the following prerequisites before deploying the PingIntelligence policy on APIM:

Prerequisite:

  • Confirm that the Azure API Management Service is available

  • Version : The PingIntelligence policy supports Azure APIM Q2CY2020 version. If you are using any other version, contact Ping Identity support.

  • Confirm that the APIs to which you want to apply the PingIntelligence policy are available

  • Configure CA certificate in APIM: If you want to use the ASE self-signed certificate, then configure the CA certificate from the Security → CA certificates section.

    rcm1564009244234

  • PingIntelligence policy application

    Select one of the following four levels to apply the PingIntelligence policy:

    • For all the APIs

    • For a group of APIs, that is, at the product level

    • For individual APIs

    • For a specific operation in the API

  • PingIntelligence software installation

    Install and configure PingIntelligence software. Refer to the PingIntelligence deployment guide for your environment.

  • Verify that ASE is in sideband mode

    Check that ASE is in sideband mode by running the following ASE command:

    /opt/pingidentity/ase/bin/cli.sh status
API Security Enforcer
status                  : started
 mode : sideband
http/ws                 : port 80
https/wss               : port 443
firewall                : enabled
abs                     : disabled, ssl: enabled
abs attack              : disabled
audit                   : enabled
sideband authentication : disabled
ase detected attack     : disabled
attack list memory      : configured 128.00 MB, used 25.61 MB, free 102.39 MB
google pubsub           : disabled
log level               : debug
timezone                : local (UTC)

    If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE.

  • Enable sideband authentication: For a secure communication between APIM and ASE, enable sideband authentication by entering the following ASE command:

    # ./bin/cli.sh enable_sideband_authentication -u admin –p

  • Generate sideband authentication token

    A token is required for APIM to authenticate with ASE. To generate the token in ASE, enter the following ASE command:

    # ./bin/cli.sh -u admin -p admin create_sideband_token

    Save the generated authentication token for further use.