PingIntelligence

Preparing for deployment

Complete the following prerequisites before deploying PingIntelligence policy on PingFederate

Before you begin

  • Verify versions supported. The PingIntelligence policy is qualified with the following combination.

    PingFederate PingFederateVersion JDK version Password Credential Validator

    PingFederate 9.3.3

    Oracle JDK8.0.u261

    • OpenLDAP-2.4.44

    • Simple username password credential validator (PCV)

    If you are using any other versions of PingFederate or JDK, or any other PingFederate-supported PCV, contact the Ping Identity support team for deployment support.

  • Install and configure PingIntelligence software. For more information on PingIntelligence deployment, see PingIntelligence automated deployment or PingIntelligence manual deployment.

About this task

To prepare for deployment of the PingIntelligence policy:

Steps

  1. Verify that API Security Enforcer (ASE) is in sideband mode by running the following ASE command:

    /opt/pingidentity/ase/bin/cli.sh status

    Result:

    If ASE is in sideband mode, you will see the following result:

    API Security Enforcer
    status                  : started
     mode : sideband
    http/ws                 : port 80
    https/wss               : port 443
    firewall                : enabled
    abs                     : disabled, ssl: enabled
    abs attack              : disabled
    audit                   : enabled
    sideband authentication : disabled
    ase detected attack     : disabled
    attack list memory      : configured 128.00 MB, used 25.61 MB, free 102.39 MB
    google pubsub           : disabled
    log level               : debug
    timezone                : local (UTC)

    Troubleshooting:

    If ASE is not in sideband mode, complete the following steps:

    1. Stop ASE if it is running. For more information, see Starting and stopping ASE.

    2. Navigate to /opt/pingidentity/ase/config/.

    3. Edit the ase.conf file and set mode parameter to sideband.

    4. Start ASE. For more information, see Starting and stopping ASE.

  2. For a secure communication between PingFederate and ASE, enable sideband authentication by entering the following ASE command:

    # ./bin/cli.sh enable_sideband_authentication -u admin –p
  3. Generate a sideband authentication token by entering the following ASE command.

    A token is required for PingFederate to authenticate with ASE.

    # ./bin/cli.sh -u admin -p admin create_sideband_token
  4. Save the generated authentication token for further use.

  5. Enable connection keepalive between PingFederate and ASE.

    1. Stop ASE if it is running. For more information, see Starting and stopping ASE.

    2. Navigate to /opt/pingidentity/ase/config/.

    3. Edit the ase.conf file and set enable_sideband_keepalive parameter to true.

    4. Start ASE. For more information, see Starting and stopping ASE.