Preparing for deployment

Complete the following prerequisites before deploying PingIntelligence policy on PingFederate

Before you begin

Verify versions supported. The PingIntelligence policy is qualified with the following combination.

PingFederate PingFederateVersion	JDK version	Password Credential Validator
PingFederate 9.3.3	Oracle JDK8.0.u261	OpenLDAP-2.4.44 Simple username password credential validator (PCV)

PingFederate PingFederateVersion

JDK version

Password Credential Validator

PingFederate 9.3.3

Oracle JDK8.0.u261

OpenLDAP-2.4.44
Simple username password credential validator (PCV)

If you are using any other versions of PingFederate or JDK, or any other PingFederate-supported PCV, contact the Ping Identity support team for deployment support.

Install and configure PingIntelligence software. For more information on PingIntelligence deployment, see PingIntelligence automated deployment or PingIntelligence manual deployment.

About this task

To prepare for deployment of the PingIntelligence policy:

Steps

Verify that API Security Enforcer (ASE) is in sideband mode by running the following ASE command:

/opt/pingidentity/ase/bin/cli.sh status

Result:

If ASE is in sideband mode, you will see the following result:

API Security Enforcer
status                  : started
 mode : sideband
http/ws                 : port 80
https/wss               : port 443
firewall                : enabled
abs                     : disabled, ssl: enabled
abs attack              : disabled
audit                   : enabled
sideband authentication : disabled
ase detected attack     : disabled
attack list memory      : configured 128.00 MB, used 25.61 MB, free 102.39 MB
google pubsub           : disabled
log level               : debug
timezone                : local (UTC)

Troubleshooting:

If ASE is not in sideband mode, complete the following steps:

Stop ASE if it is running. For more information, see Starting and stopping ASE.
Navigate to /opt/pingidentity/ase/config/.
Edit the ase.conf file and set mode parameter to sideband.
Start ASE. For more information, see Starting and stopping ASE.

For a secure communication between PingFederate and ASE, enable sideband authentication by entering the following ASE command:
```
# ./bin/cli.sh enable_sideband_authentication -u admin –p
```
Generate a sideband authentication token by entering the following ASE command.

A token is required for PingFederate to authenticate with ASE.
```
# ./bin/cli.sh -u admin -p admin create_sideband_token
```
Save the generated authentication token for further use.
Enable connection keepalive between PingFederate and ASE.
1. Stop ASE if it is running. For more information, see Starting and stopping ASE.
2. Navigate to /opt/pingidentity/ase/config/.
3. Edit the ase.conf file and set enable_sideband_keepalive parameter to true.
4. Start ASE. For more information, see Starting and stopping ASE.