PingIntelligence

Preparing to deploy the PingIntelligence policy

Complete the following for PingIntelligence and Kong API Gateway before deploying the PingIntelligence plugin.

About this task

Before deploying the PingIntelligence plugin:

Steps

  1. Install the PingIntelligence software.

    For more information on installing PingIntelligence for APIs, see Automated deployment guide or Manual deployment guide.

  2. Verify that ASE is deployed in sideband mode by running the status command:

    /opt/pingidentity/ase/bin/cli.sh status

    Result:

    API Security Enforcer
    status                  : started
     mode : sideband
    http/ws                 : port 80
    https/wss               : port 443
    firewall                : enabled
    abs                     : enabled, ssl: enabled
    abs attack              : disabled
    audit                   : enabled
    sideband authentication : disabled
    ase detected attack     : disabled
    attack list memory      : configured 128.00 MB, used 25.60 MB, free 102.40 MB

    Troubleshooting:

    If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE. For more information on the ase.conf file, see Sideband ASE configuration using the ase.conf file.

  3. For a secure communication between Kong and ASE, enable sideband authentication by entering the following command in the ASE command line:

    # ./bin/cli.sh enable_sideband_authentication -u admin –p
  4. To generate the token in ASE, enter the following command in the ASE command line and save the generated authentication token for further use.

    A token is required for Kong to authenticate with ASE. This token is generated in ASE and configured in the kong.yml file of the PingIntelligence plugin.

    # ./bin/cli.sh -u admin -p admin create_sideband_token
  5. If you want to keep alive the connections beteen Kong and ASE, set the value of enable_sideband_keepalive to true. If ASE is already running, stop ASE, edit the ase.conf file, and then start ASE.

    For more information on keep-alive paramter, see Sideband ASE configuration using the ase.conf file.

  6. Install the Kong API Gateway and LuaRocks, the Lua package manager, on all the Kong nodes where you want to deploy the PingIntelligence module.