Connect ASE to ABS AI engine

Check ABS port availability

The default ports for connection with ABS are 8080 and 9090. Run the check_ports.sh script on the ASE machine to determine accessibility of ABS. Input ABS host IP address and ports as arguments.

/opt/pingidentity/ase/util ./check_ports.sh {ABS IPv4:[port]}

Configure ASE

Update abs.conf located in the ASE /opt/pingidentity/ase/config directory with ABS Engine address and authentication keys:

Configure abs_endpoint with the ABS Engine management IP address / host name and port number (Default: 8080) which was configured in the /opt/pingidentity/abs/config/abs.properties file.

Note: If ABS is in a different AWS security group, use a private IP address
Configure ABS access_key and secret_key using the key values from the abs_init.js file located in /opt/pingidentity/abs/mongo.

Here is a sample abs.conf file:

; API Security Enforcer ABS configuration.
; This file is in the standard .ini format. The comments start with a semicolon (;).
; Following configurations are applicable only if ABS is enabled with true.

; a comma-separated list of abs nodes having hostname:port or ipv4:port as an address.
abs_endpoint=127.0.0.1:8080

; access key for abs node
access_key=OBF:AES://ENOzsqOEhDBWLDY+pIoQ:jN6wfLiHTTd3oVNzvtXuAaOG34c4JBD4XZHgFCaHry0

; secret key for abs node
secret_key=OBF:AES:Y2DadCU4JFZp3bx8EhnOiw:zzi77GIFF5xkQJccjIrIVWU+RY5CxUhp3NLcNBel+3Q

; Setting this value to true will enable encrypted communication with ABS.
enable_ssl=true

; Configure the location of ABS's trusted CA certificates. If empty, ABS's certificate
; will not be verified
abs_ca_cert_path=

Make sure that ASE and ABS are in the same time zone.