PingIntelligence

Prerequisites

Complete the following prerequisites before deploying the PingIntelligence policy on APIM:

Prerequisite:

  • Confirm that the Azure API Management Service is available

  • Version : The PingIntelligence policy supports Azure APIM Q2CY2020 version. If you are using any other version, contact Ping Identity support.

  • Confirm that the APIs to which you want to apply the PingIntelligence policy are available

  • Configure CA certificate in APIM: If you want to use the ASE self-signed certificate, then configure the CA certificate from the Security → CA certificates section.

    rcm1564009244234

  • PingIntelligence policy application

    Select one of the following four levels to apply the PingIntelligence policy:

    • For all the APIs

    • For a group of APIs, that is, at the product level

    • For individual APIs

    • For a specific operation in the API

  • PingIntelligence software installation

    Install and configure PingIntelligence software. Refer to the PingIntelligence deployment guide for your environment.

  • Verify that ASE is in sideband mode

    Check that ASE is in sideband mode by running the following ASE command:

    /opt/pingidentity/ase/bin/cli.sh status
    API Security Enforcer
    status                  : started
     mode : sideband
    http/ws                 : port 80
    https/wss               : port 443
    firewall                : enabled
    abs                     : disabled, ssl: enabled
    abs attack              : disabled
    audit                   : enabled
    sideband authentication : disabled
    ase detected attack     : disabled
    attack list memory      : configured 128.00 MB, used 25.61 MB, free 102.39 MB
    google pubsub           : disabled
    log level               : debug
    timezone                : local (UTC)

    If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE.

  • Enable sideband authentication: For a secure communication between APIM and ASE, enable sideband authentication by entering the following ASE command:

    # ./bin/cli.sh enable_sideband_authentication -u admin –p
  • Generate sideband authentication token

    A token is required for APIM to authenticate with ASE. To generate the token in ASE, enter the following ASE command:

    # ./bin/cli.sh -u admin -p admin create_sideband_token

    Save the generated authentication token for further use.