Apigee properties file configuration
The apigee.properties
file is required for all sideband Apigee configurations.
The properties file is used to set properties for the PingIntelligence policy tool after installation. You can optionally configure it to capture user information. You can find the file in the /pingidentity/apigee/config/
directory.
The following tables describe the variables in the file.
Variable | Description | ||
---|---|---|---|
|
Where to store the ASE token. The possible values are When you choose |
||
|
URL to connect to Apigee Edge.
|
||
|
The username to connect to Apigee Edge. |
||
|
The password to connect to Apigee Edge. |
||
|
The target environment for the PingIntelligence shared flow. |
||
|
The target organization for the PingIntelligence shared flow. |
||
|
The ASE primary host IP address and port or hostname and port. |
||
|
The ASE secondary host IP address and port or hostname and port.
|
||
|
Enable or disable SSL communication between Apigee Edge and ASE. The default value is |
||
|
Configure the ASE token generated in Preparing to deploy the PingIntelligence shared flow. |
||
|
Enable or disable mutual authentication between ASE and the Apigee API gateway. The default is
|
||
|
When mutual TLS (MTLS) is enabled, the password to access the keystore.
|
Variable | Description | ||
---|---|---|---|
|
Choose whether to use the PingIntelligence OAuth policy to extract
In both the cases, even if authorization token is deleted by the gateway, For more information on the PingIntelligence OAuth policy, see Extract user information from access tokens. |
||
|
Choose synchronous or asynchronous mode between the gateway and ASE. In synchronous mode, the gateway waits for a response from ASE before forwarding the request to backend server. If asynchronous mode is enabled, the gateway forwards the request to the backend server without waiting for the response from ASE. The ASE passively logs the request and forwards it to ABS for attack analysis. It performs attack detection without blocking of attacks. Possible values are |
||
|
Location of access_token_position=queryparam
|
||
|
A variable to hold access_token_variable=access_token => -H "access_token: Rft3dqrs56Blirls56a" The default value is |
||
|
This is used in the PingIntelligence policy to set the key of |
||
|
This is used in the PingIntelligence policy to set the key of |
Variable | Description | ||
---|---|---|---|
|
Connection timeout in milliseconds between Apigee API gateway and PingIntelligence ASE. |
||
|
Read timeout in milliseconds between Apigee API gateway and PingIntelligence ASE. |
||
|
Connection keepalive timeout between Apigee API gateway and PingIntelligence ASE. Make sure that
|
Backslashes ( |
The following is a sample apigee.properties
file.
# Copyright 2020 Ping Identity Corporation. All Rights Reserved. # Ping Identity reserves all rights in The program as delivered. Unauthorized use, copying, # modification, reverse engineering, disassembling, attempt to discover any source code or # underlying ideas or algorithms, creating other works from it, and distribution of this # program is strictly prohibited. The program or any portion thereof may not be used or # reproduced in any form whatsoever except as provided by a license without the written # consent of Ping Identity. A license under Ping Identity's rights in the Program may be # available directly from Ping Identity. # KVM Mode kvm/custom configuration_store=custom # Apigee management server URL apigee_url=https://api.enterprise.apigee.com # Apigee management server username apigee_username= # Apigee management server username apigee_password= # Apigee environment to which it should be deployed apigee_environment=prod # Apigee organization name apigee_organization= # ASE Primary Host <IP/Host>:<port> ase_host_primary= # ASE Secondary Host <IP/Host>:<port> ase_host_secondary= # ASE SSL status ase_ssl=true # ASE sideband authentication token ase_sideband_token=none # Enable OAuth Policy (allowed values: true | false) enable_oauth_policy=false # Enable async (allowed values: true | false) enable_async=true # Position of Access Token (allowed values: header | queryparam) access_token_position=header # access_token_position=header, access_token_variable=Authorization => -H "Authorization: Bearer Rft3dqrs56Blirls56a" # access_token_position=header, access_token_variable=access_token => -H "access_token: Rft3dqrs56Blirls56a" # access_token_position=queryparam, access_token_variable=access_token => ...?access_token=Rft3dqrs56Blirls56a access_token_variable=Authorization # username key mapping in access_token. This is the key of username in access_token attributes username_key_mapping=username # client_id key mapping in access_token. This is the key of client_id in access_token attributes client_id_key_mapping=client_id # connection timeout between Apigee and ASE. Value is in milliseconds connect_timeout=5000 # read timeout between Apigee and ASE. Value is in milliseconds io_timeout=5000 # keepalive timeout between Apigee and ASE. Value is in milliseconds # set enable_keepalive to true in ase.conf for the below configuration to take effect keepalive_timeout=30000
If If |