---
title: Configuring the PingIntelligence servlet filter
description: Configure the servlet filter for the PingIntelligence policy in the webdefault.xml file in PingFederate.
component: pingintelligence
version: 5.2
page_id: pingintelligence:pingintelligence_integrations:pingintelligence_pf_servlet
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_integrations/pingintelligence_pf_servlet.html
revdate: May 6, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Configuring the PingIntelligence servlet filter

Configure the servlet filter for the PingIntelligence policy in the `webdefault.xml` file in PingFederate.

## About this task

To define the PingIntelligence for APIs servlet filter:

## Steps

1. Add the the following filter configuration to the `<pf_install>/pingfederate/etc/webdefault.xml` file. Add the filter configuration within the `<web-app></web-app>` element.

   |   |                                                                                                   |
   | - | ------------------------------------------------------------------------------------------------- |
   |   | If there are multiple filters in the `webdefault.xml` file, then place `pi4APIFilter` at the end. |

   ```
   <filter>
       <filter-name>pi4APIFilter</filter-name>
       <filter-class>com.pingidentity.pi.servlets.PI4APIServletFilter</filter-class>
       <init-param>
           <param-name>ASE-Primary-URL</param-name>
           <param-value>https://<IP address of primary ASE>:<Port number></param-value>
       </init-param>
       <init-param>
           <param-name>ASE-Secondary-URL</param-name>
           <param-value>https://<IP address of secondary ASE>:<Port number></param-value>
       </init-param>
       <init-param>
           <param-name>ASE-Token</param-name>
           <param-value><ASE authentication token></param-value>
       </init-param>
       <init-param>
             <param-name>Enable-Blocking</param-name>
             <param-value>false</param-value>
         </init-param>
     </filter>
     <filter-mapping>
       <filter-name>pi4APIFilter</filter-name>
       <url-pattern>/as/token.oauth2</url-pattern>
     </filter-mapping>
   ```

2. Make sure the following configurations are set correctly:

   * The `filter-class` element is configured to `com.pingidentity.pi.servlets.PI4APIServletFilter`.

   * The `pi4APIFilter` is mapped to the token endpoint URL of PingFederate by configuring the `url-pattern` element to `/as/token.oauth2`.

   * The `filter-name` element in both the `<filter>` and `<filter-mapping>` blocks is `pi4APIFilter`.

3. Substitute the actual values for the `init` parameters in the `pi44APIFilter` filter.

   The following table explains the PI4API `init` parameters in detail. The parameteers control the communication with API Security Enforcer (ASE). You can contact Ping Identity support team for the actual values of these parameters.

   | Parameter Name      | Description                                                                                                                                                                                                                                                                                                                                             |
   | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   | `ASE-Primary-URL`   | The URL or IP address of the ASE primary host.&#xA;&#xA;To support high availability, PingIntelligence provides ASE primary and secondary nodes.                                                                                                                                                                                                        |
   | `ASE-Secondary-URL` | The URL or IP address of the ASE secondary host.                                                                                                                                                                                                                                                                                                        |
   | `ASE-Token`         | The ASE sideband authentication token. You can obfuscate the sideband authentication token using one of the following utilities available in the PingFederate `<pf_install>/pingfederate/bin/` directory:- On Windows: `obfuscate.bat`

   - On Linux: `./obfuscate.sh`If you need further assistance in using the utility, contact Ping Identity support. |
   | `Enable-Blocking`   | You can optionally block a client that has been detected executing an attack. To block the client, you need to enable blocking in ASE by setting the `Enable-Blocking` to `true`. The default value is `false`.                                                                                                                                         |