PingIntelligence

Preparing to configure the Axway API Gateway

Complete the following before configuring the Axway API Gateway.

About this task

To connect PingIntelligence API Security Enforcer (ASE) with the Axway API Gateway:

Steps

  1. Confirm the Axway version is 7.5.3 or higher.

    PingIntelligence works with Axway 7.5.3 or higher.

  2. Optional: To detect username-based attacks, make sure that the OAuth token store is configured in Axway.

    A screenshot of the Axway OAuth Security Device window with the Remove credentials on success toggle highlighted with a black circle.
  3. Install and configure the PingIntelligence software.

    Refer to the PingIntelligence deployment guide for your environment type.

  4. Verify that ASE is in sideband mode by running the following ASE command:

    /opt/pingidentity/ase/bin/cli.sh status

    Result:

    API Security Enforcer
    status                  : started
     mode : sideband
    http/ws                 : port 80
    https/wss               : port 443
    firewall                : enabled
    abs                     : enabled, ssl: enabled
    abs attack              : disabled
    audit                   : enabled
    sideband authentication : disabled
    ase detected attack     : disabled
    attack list memory      : configured 128.00 MB, used 25.60 MB, free 102.40 MB

    Troubleshooting:

    If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE.

  5. For a secure communication between Axway and ASE, enable sideband authentication by entering the following ASE command:

    # ./bin/cli.sh enable_sideband_authentication -u admin –p
  6. Generate sideband authentication token by entering the following ASE command. Save the generated authentication token for further use.

    A token is required for Axway to authenticate with ASE.

    # ./bin/cli.sh -u admin -p admin create_sideband_token
  7. If you are using AAD to automate API definition updates on PingIntelligence, open the following ports:

    • The management port to fetch API definitions from Axway. The default port is 8075.

    • Port 8010 in ASE for AAD to add API definitions.

  8. Import the Axway policy in Axway Policy Studio.

  9. Deploy the Axway policy.

  10. Import the APIs from the Management virtual machine (VM) to Axway API Manager.