Importing and configuring the PingIntelligence policy

To deploy the PingIntelligence policy, first import and configure the policy.

About this task

The PingIntelligence policy is specific to an ASE cluster. If you have more than one ASE cluster, then add the policy to a new workspace and create a new plugin. When you import the PingIntelligence policy, it is imported to an LX workspace and opens in a Node.js editor.

To import the PingIntelligence policy in F5:

Steps

Sign on to F5 and navigate to Local Traffic → iRules → LX Workspaces.
In the Workspaces tab, click import.

Result:

A Workspace import page is displayed.
Enter the Name and choose the PingIntelligence policy that you downloaded in Preparing to deploy the PingIntelligence policy.
Click Import.

Result:

Clicking on Import creates an LX Workspace.
Click the Workspace.

The policy is pre-loaded with the extension oi_ext.

Edit the ASE configuration by clicking the ASEConfig.js file.

A screen capture of the ASEConfig.js file open in the policy editor.

The following table describes the ASE variables:

Variable Description

Variable	Description
`ase_primary`	IP address of primary ASE node
`ase_primary_port`	Port number of primary ASE node
`ase_secondary`	IP address of secondary ASE node
`ase_secondary_port`	Port number of secondary ASE node
`is_ase_ssl`	Set to `true` if traffic to ASE is sent over HTTPS
`ase_token`	The ASE sideband authentication token that was generated as part of prerequisites
`use_ca`	Set to `true` if ASE is using a CA-signed certificate
`include_paths`	Provide the list of paths that the policy should process. If `/` is provided as path, then all the traffic is monitored. The maximum number of subpaths in path is 3. For example, `/a/b/c/`.
`enable_auth`	Set to `true` if traffic contains access token in `authorization` header or `querystring`.
`is_access_token_in_header`	Set to `true` if access token is present in `authorization` header.
`access_token_variable`	If the access token is present in `querystring`, then specify the key used for token.
`authorization_header_prefix`	If the access token is present in `authorization` header, then specify the prefix used for access token.
`user_key_mapping`	The location of `username` in JSON payload of JWT access token.
`clientid_key_mapping`	The location of client ID in JSON payload of JWT access token

ase_primary

IP address of primary ASE node

ase_primary_port

Port number of primary ASE node

ase_secondary

IP address of secondary ASE node

ase_secondary_port

Port number of secondary ASE node

is_ase_ssl

Set to true if traffic to ASE is sent over HTTPS

ase_token

The ASE sideband authentication token that was generated as part of prerequisites

use_ca

Set to true if ASE is using a CA-signed certificate

include_paths

Provide the list of paths that the policy should process. If / is provided as path, then all the traffic is monitored. The maximum number of subpaths in path is 3. For example, /a/b/c/.

enable_auth

Set to true if traffic contains access token in authorization header or querystring.

is_access_token_in_header

Set to true if access token is present in authorization header.

access_token_variable

If the access token is present in querystring, then specify the key used for token.

authorization_header_prefix

If the access token is present in authorization header, then specify the prefix used for access token.

user_key_mapping

The location of username in JSON payload of JWT access token.

clientid_key_mapping

The location of client ID in JSON payload of JWT access token

Result:

The PingIntelligence policy opens in the editor.