Preparing to deploy the CA API gateway integration
Confirm that the following prerequisites are met before deploying the PingIntelligence integration.
About this task
Before deploying the PingIntelligence integration:
Steps
-
Configure the gateway using CA API Gateway Policy Manager.
PingIntelligence was developed with and qualified with CA API Gateway 9.4. Contact PingIdentity for other supported releases.
-
Install and configure the PingIntelligence 4.0 or higher software.
For more information, refer to PingIntelligence manual deployment or PingIntelligence automated deployment for virtual machines and servers.
-
Install Java on the system from where the bundle is imported into the CA API Gateway.
-
Verify that ASE is operating in
sidebandmode by running the following command in the ASE command line:/opt/pingidentity/ase/bin/cli.sh status
Result:
API Security Enforcer status : started mode : sideband http/ws : port 80 https/wss : port 443 firewall : enabled abs : enabled, ssl: enabled abs attack : disabled audit : enabled sideband authentication : disabled ase detected attack : disabled attack list memory : configured 128.00 MB, used 25.60 MB, free 102.40 MB
Troubleshooting:
If ASE is not in
sidebandmode, then stop ASE and change the mode by editing the/opt/pingidentity/ase/config/ase.conffile. Setmodeassidebandand start ASE. -
For a secure communication between CA and ASE, enable sideband authentication by entering the following command in the ASE command line:
# ./bin/cli.sh enable_sideband_authentication -u admin –p
-
To generate the token in ASE, enter the following command in the ASE command line. Save the generated authentication token for further use.
A token is required for CA to authenticate with ASE. This token is generated in ASE and configured in the policy Extensible Markup Language (XML) file.
# ./bin/cli.sh -u admin -p admin create_sideband_token