Installing and configuring the PingIntelligence bundle

Install and configure the PingIntelligence bundle for the CA API Gateway.

About this task

To install and configure the PingIntelligence bundle:

Steps

Download the PingIntelligence policy files from the Ping Identity Download site.

The downloaded package will have the following files and properties:
- ASE Check Request: The assertion used to analyze API requests.
- ASE Check Response: The assertion used to analyze API responses.
- Cluster-wide Properties:
  - ase_host_https: The default is https://ase-server.example.com.
  - ase_host2_https: The default is https://ase-server-2.example.com.
  - ase_path_request and ase_path2_request: The default path is /ase/request.
  - ase_path_response and ase_path2_response: The default path is /ase/response.
- API examples:
  - /shop: Example API that may be called by an external client. The API shows how to support both failing and non-failing policies.
  - /shop/backend: An example shop-backend for demo purposes.
Untar the package.

Edit the pingintelligence-properties.bundle to configure the following properties:

Property Description

Property	Description
`ase_host_https` and `ase_host2_https`	Primary and secondary PingIntelligence API Security Enforcer (ASE) Internet Protocol (IP) address and port number. If the primary ASE is not available, the request is sent to the secondary ASE.
`ase_request_connection_timeout`	The time in milliseconds for which the API gateway waits to establish a TCP connection for the client request with ASE. After the timeout period, the request is directly sent to the backend server. The default value is 30,000 milliseconds.
`ase_request_read_timeout`	The time in milliseconds for which the API gateway waits to get a response from ASE for the request. After the timeout period, the request is directly sent to the backend server. The default value is 60,000 milliseconds.
`ase_response_connection_timeout`	The time in milliseconds for which the API gateway waits to establish a TCP connection with ASE for the response from the backend server. After the timeout period, the response is directly sent to the client. The default value is 30,000 milliseconds.
`ase_response_read_timeout`	The time in milliseconds for which the API gateway waits to get a response from ASE for the request. After the timeout period, the request is directly sent to the backend server. The default value is 60,000 milliseconds.
`ase_path_request` and `ase_path2_request`	Use the default value in the sample file.
`ase_path_response` and `ase_path2_response`	Use the default value in the sample file.

ase_host_https and ase_host2_https

Primary and secondary PingIntelligence API Security Enforcer (ASE) Internet Protocol (IP) address and port number. If the primary ASE is not available, the request is sent to the secondary ASE.

ase_request_connection_timeout

The time in milliseconds for which the API gateway waits to establish a TCP connection for the client request with ASE. After the timeout period, the request is directly sent to the backend server. The default value is 30,000 milliseconds.

ase_request_read_timeout

The time in milliseconds for which the API gateway waits to get a response from ASE for the request. After the timeout period, the request is directly sent to the backend server. The default value is 60,000 milliseconds.

ase_response_connection_timeout

The time in milliseconds for which the API gateway waits to establish a TCP connection with ASE for the response from the backend server. After the timeout period, the response is directly sent to the client. The default value is 30,000 milliseconds.

ase_response_read_timeout

ase_path_request and ase_path2_request

Use the default value in the sample file.

ase_path_response and ase_path2_response

Use the default value in the sample file.

Example:

The following is a sample pingintelligence-properties.bundle file:

<?xml version="1.0" encoding="UTF-8"?><l7:Bundle xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
            <l7:References>
                <l7:Item>
                    <l7:Name>ase_host_https</l7:Name>
                    <l7:Id>f33082fa66314439b5d7e8703ac0963a</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-09T20:18:03.316Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="f33082fa66314439b5d7e8703ac0963a" version="1">
                             <l7:Name>ase_host_https</l7:Name> <l7:Value>https://your-ase-host-and-port</l7:Value>
                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_path_request</l7:Name>
                    <l7:Id>f33082fa66314439b5d7e8703ac09636</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-09T20:18:03.316Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="f33082fa66314439b5d7e8703ac09636" version="0">
                             <l7:Name>ase_path_request</l7:Name> <l7:Value>/ase/request</l7:Value>
                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_path_response</l7:Name>
                    <l7:Id>f33082fa66314439b5d7e8703ac09633</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-09T20:18:03.316Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="f33082fa66314439b5d7e8703ac09633" version="0">
                             <l7:Name>ase_path_response</l7:Name> <l7:Value>/ase/response</l7:Value>
                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_request_connection_timeout</l7:Name>
                    <l7:Id>07b5ecd6fc3baca9518885b71dbcee8e</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-09T20:18:03.316Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="07b5ecd6fc3baca9518885b71dbcee8e" version="0">
                             <l7:Name>ase_request_connection_timeout</l7:Name> <l7:Value>30000</l7:Value>
                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_request_read_timeout</l7:Name>
                    <l7:Id>07b5ecd6fc3baca9518885b71dbcee90</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-09T20:18:03.316Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="07b5ecd6fc3baca9518885b71dbcee90" version="0">
                             <l7:Name>ase_request_read_timeout</l7:Name> <l7:Value>60000</l7:Value>
                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_response_connection_timeout</l7:Name>
                    <l7:Id>07b5ecd6fc3baca9518885b71dbcee92</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-09T20:18:03.316Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="07b5ecd6fc3baca9518885b71dbcee92" version="0">
                             <l7:Name>ase_response_connection_timeout</l7:Name> <l7:Value>30000</l7:Value>
                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_response_read_timeout</l7:Name>
                    <l7:Id>07b5ecd6fc3baca9518885b71dbcee94</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-09T20:18:03.316Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="07b5ecd6fc3baca9518885b71dbcee94" version="0">
                             <l7:Name>ase_response_read_timeout</l7:Name> <l7:Value>60000</l7:Value>
                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_path2_response</l7:Name>
                    <l7:Id>753f4df53a2f3daf040f9807a4f9a126</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-18T17:04:41.043Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="753f4df53a2f3daf040f9807a4f9a126" version="0">
                             <l7:Name>ase_path2_response</l7:Name> <l7:Value>/ase/response</l7:Value>
                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_path2_request</l7:Name>
                    <l7:Id>753f4df53a2f3daf040f9807a4f9a124</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-18T17:04:41.043Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="753f4df53a2f3daf040f9807a4f9a124" version="0">
                             <l7:Name>ase_path2_request</l7:Name> <l7:Value>/ase/request</l7:Value>
                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_host2_https</l7:Name>
                    <l7:Id>753f4df53a2f3daf040f9807a4f9a122</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-18T17:04:41.043Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="753f4df53a2f3daf040f9807a4f9a122" version="1">
                             <l7:Name>ase_host2_https</l7:Name> <l7:Value>https://your-second-ase-host-and-port</l7:Value>
                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
            </l7:References>