Preparing to configure the Axway API Gateway
Complete the following before configuring the Axway API Gateway.
About this task
To connect PingIntelligence API Security Enforcer (ASE) with the Axway API Gateway:
Steps
-
Confirm the Axway version is 7.5.3 or higher.
PingIntelligence works with Axway 7.5.3 or higher.
-
Optional: To detect username-based attacks, make sure that the OAuth token store is configured in Axway.
-
Install and configure the PingIntelligence software.
Refer to the PingIntelligence deployment guide for your environment type.
-
Verify that ASE is in sideband mode by running the following ASE command:
/opt/pingidentity/ase/bin/cli.sh status
Result:
API Security Enforcer status : started mode : sideband http/ws : port 80 https/wss : port 443 firewall : enabled abs : enabled, ssl: enabled abs attack : disabled audit : enabled sideband authentication : disabled ase detected attack : disabled attack list memory : configured 128.00 MB, used 25.60 MB, free 102.40 MB
Troubleshooting:
If ASE is not in sideband mode, then stop ASE and change the mode by editing the
/opt/pingidentity/ase/config/ase.conffile. Setmodeassidebandand start ASE. -
For a secure communication between Axway and ASE, enable sideband authentication by entering the following ASE command:
# ./bin/cli.sh enable_sideband_authentication -u admin –p
-
Generate sideband authentication token by entering the following ASE command. Save the generated authentication token for further use.
A token is required for Axway to authenticate with ASE.
# ./bin/cli.sh -u admin -p admin create_sideband_token
-
If you are using AAD to automate API definition updates on PingIntelligence, open the following ports:
-
The management port to fetch API definitions from Axway. The default port is 8075.
-
Port 8010 in ASE for AAD to add API definitions.
-
-
Import the Axway policy in Axway Policy Studio.
-
Deploy the Axway policy.
-
Import the APIs from the Management virtual machine (VM) to Axway API Manager.