PingIntelligence

Connecting ASE to the ABS AI engine

Connect ASE to the ABS AI engine.

Before you begin

The default ports for connection with ABS are 8080 and 9090. Run the check_ports.sh script on the ASE machine to determine accessibility of ABS. Input ABS host IP address and ports as arguments.

/opt/pingidentity/ase/util ./check_ports.sh {ABS IPv4:[port]}

About this task

To configure ASE for connecting with the ABS AI engine:

Steps

  1. Update abs.conf located in the ASE /opt/pingidentity/ase/config directory with the ABS engine address and authentication keys:

    1. Configure abs_endpoint with the ABS engine management IP address/hostname and port number (default: 8080), which was configured in the /opt/pingidentity/abs/config/abs.properties file.

      If ABS is in a different AWS security group, use a private IP address.

    2. Configure ABS access_key and secret_key using the key values from the abs_init.js file located in /opt/pingidentity/abs/mongo.

      Example:

      Below is a sample abs.conf file:

      ; API Security Enforcer ABS configuration.
; This file is in the standard .ini format. The comments start with a semicolon (;).
; Following configurations are applicable only if ABS is enabled with true.

; a comma-separated list of abs nodes having hostname:port or ipv4:port as an address.
abs_endpoint=127.0.0.1:8080

; access key for abs node
access_key=OBF:AES://ENOzsqOEhDBWLDY+pIoQ:jN6wfLiHTTd3oVNzvtXuAaOG34c4JBD4XZHgFCaHry0

; secret key for abs node
secret_key=OBF:AES:Y2DadCU4JFZp3bx8EhnOiw:zzi77GIFF5xkQJccjIrIVWU+RY5CxUhp3NLcNBel+3Q

; Setting this value to true will enable encrypted communication with ABS.
enable_ssl=true

; Configure the location of ABS's trusted CA certificates. If empty, ABS's certificate
; will not be verified
abs_ca_cert_path=
    Make sure that ASE and ABS are in the same time zone.