Deploying the PingIntelligence policy
Use the PingIntelligence automated policy tool to deploy the shared flow.
Using the PingIntelligence automated policy tool, you deploy the shared flow either by the flow hook or the flow callout policy, which is configured in the command line. Choose either the included ASE self-signed certificate or a certificate authority (CA)-signed certificate.
-
Flow hook
-
Flow callout
Deploying the PingIntelligence policy for flow hook
About this task
With a flow hook, the PingIntelligence shared flow is applied to all APIs in the environment of an organization.
Steps
-
Deploy the shared flow:
Choose from:
-
Deploy with self-signed certificate: To deploy the PingIntelligence policy with self-signed certificate, run the following command.
/opt/pingidentity/pi/apigee/bin/deploy.sh -fh Checking Apigee connectivity Apigee connectivity ... success Generating policies Deploying PI Apigee policy Flow Hook 1) PingIntelligence-Encrypted-Config-KVM status ... not-applicable 2) PingIntelligence-Config-KVM status ... not-applicable 3) ASE Server status ... deployed 4) Truststore status ... deployed 5) Upload pem file status ... deployed 6) Cache status ... deployed 7) Request policy upload status ... deployed 8) Response policy upload status ... deployed 9) Request policy deployment status ... deployed 10) Response policy deployment status ... deployed 11) Preproxy Flow hook status ... deployed 12) Postproxy Flow hook status ... deployed Deployment of PI Policy finished successfully
-
Deploy with CA-signed certificate: To deploy the PingIntelligence policy with CA-signed certificate, run the following command.
/opt/pingidentity/pi/apigee/bin/deploy.sh -fh -ca Checking Apigee connectivity Apigee connectivity ... success Generating policies Deploying PI Apigee policy Flow Hook 1) PingIntelligence-Encrypted-Config-KVM status ... not-applicable 2) PingIntelligence-Config-KVM status ... not-applicable 3) ASE Server status ... deployed 4) Truststore status ... not-applicable - running using CA signed certificate 5) Upload pem file status ... not-applicable - running using CA signed certificate 6) Cache status ... deployed 7) Request policy upload status ... deployed 8) Response policy upload status ... deployed 9) Request policy deployment status ... deployed 10) Response policy deployment status ... deployed 11) Preproxy Flow hook status ... deployed 12) Postproxy Flow hook status ... deployed Deployment of PI Policy finished successfully
-
-
After you deploy the flow hook using the PingIntelligence tool, to verify the status of the deployment, run the following command:
/opt/pingidentity/pi/apigee/bin/status.sh Checking Apigee connectivity Apigee connectivity ... success Checking the PI Apigee Policy Flow Hook deployment status 1) PingIntelligence-Config-KVM status ... not applicable 2) PingIntelligence-Encrypted-Config-KVM status ... not applicable 3) ASE target status ... deployed 4) Cache status ... deployed 5) Truststore status ... deployed 6) Request Policy status ... deployed 7) Response Policy status ... deployed 8) Preproxy hook status ... deployed 9) Postproxy hook status ... deployed PI Apigee Policy is already installed
Deploying the PingIntelligence policy for flow callout
About this task
In the flow callout, the PingIntelligence policy is applied on a per-API basis in the environment of an organization.
Steps
-
Deploy the shared flow:
Choose from:
-
Deploy with self-signed certificate: To deploy the PingIntelligence policy with self-signed certificate, run the following command.
/opt/pingidentity/pi/apigee/bin/deploy.sh -fc Checking Apigee connectivity Apigee connectivity ... success Generating policies Deploying PI Apigee policy Flow Call Out 1) PingIntelligence-Encrypted-Config-KVM status ... not-applicable 2) PingIntelligence-Config-KVM status ... not-applicable 3) ASE Server status ... deployed 4) Truststore status ... deployed 5) Upload pem file status ... deployed 6) Cache status ... deployed 7) Request policy upload status ... deployed 8) Response policy upload status ... deployed 9) Request policy deployment status ... deployed 10) Response policy deployment status ... deployed 11) Preproxy Flow call out status ... deployed 12) Postproxy Flow call out status ... deployed Deployment of PI Policy finished successfully
-
Deploy with CA-signed certificate: To deploy the PingIntelligence policy with CA-signed certificate, run the following command.
bin/deploy.sh -fc -ca Checking Apigee connectivity Apigee connectivity ... success Generating policies Deploying PI Apigee policy Flow Call Out 1) PingIntelligence-Encrypted-Config-KVM status ... not-applicable 2) PingIntelligence-Config-KVM status ... not-applicable 3) ASE Server status ... deployed 4) Truststore status ... not-applicable - running using CA signed certificate 5) Upload pem file status ... not-applicable - running using CA signed certificate 6) Cache status ... deployed 7) Request policy upload status ... deployed 8) Response policy upload status ... deployed 9) Request policy deployment status ... deployed 10) Response policy deployment status ... deployed 11) Preproxy Flow call out status ... deployed 12) Postproxy Flow call out status ... deployed Deployment of PI Policy finished successfully
-
-
After deploying the flow callout using the PingIntelligence tool, to verify the status of the deployment, run the following command:
/opt/pingidentity/pi/apigee/bin/status.sh Checking Apigee connectivity Apigee connectivity ... success Checking the PI Apigee Policy Flow Call Out deployment status 1) PingIntelligence-Config-KVM status ... not applicable 2) PingIntelligence-Encrypted-Config-KVM status ... not applicable 3) ASE target status ... deployed 4) Cache status ... deployed 5) Truststore status ... deployed 6) Request Policy status ... deployed 7) Response Policy status ... deployed 8) Preproxy call out status ... deployed 9) Postproxy call out status ... deployed PI Apigee Policy is already installed