Preparing to deploy the PingIntelligence policy on APIM

Confirm that the Azure APIM Service is available.

Confirm that the APIs to which you want to apply the PingIntelligence policy are available.

To use the API Security Enforcer (ASE) self-signed certificate, configure the CA certificate from the Security → CA certificates the section.

Select one of the following four levels to apply the PingIntelligence policy:

Install and configure the PingIntelligence software.

Verify that ASE is in sideband mode by running the following ASE command:

/opt/pingidentity/ase/bin/cli.sh status

Result:

API Security Enforcer
status                  : started
 mode : sideband
http/ws                 : port 80
https/wss               : port 443
firewall                : enabled
abs                     : disabled, ssl: enabled
abs attack              : disabled
audit                   : enabled
sideband authentication : disabled
ase detected attack     : disabled
attack list memory      : configured 128.00 MB, used 25.61 MB, free 102.39 MB
google pubsub           : disabled
log level               : debug
timezone                : local (UTC)

Troubleshooting:

For a secure communication between APIM and ASE, enable sideband authentication by entering the following ASE command:

# ./bin/cli.sh enable_sideband_authentication -u admin –p

A token is required for APIM to authenticate with ASE. To generate the token in ASE, enter the following ASE command and save the generated authentication token for further use:

# ./bin/cli.sh -u admin -p admin create_sideband_token