PingIntelligence

Managing the ASE allow list

To manage API Security Enforcer (ASE) operations for OAuth2 tokens, cookies, Internet Protocol (IP) addresses, username, and application programming interface (API) keys on an allow list.

About this task

To manage the ASE allow list:

Steps

  • To add an IP address to an allow list, run the add_whitelist command with the ip option:

    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_whitelist ip 10.10.10.10
ip 10.10.10.10 added to whitelist

  • To add a cookie to an allow list, run the add_whitelist command with the cookie option:

    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_whitelist cookie JSESSIONID cookie_1.4
cookie JSESSIONID cookie_1.4 added to whitelist

  • To add a token to an allow list, run the add_whitelist with the token option:

    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_whitelist token token1.4
token token1.4 added to whitelist

  • To add an API key to an allow list, run the add_whitelist command with the api_key option:

    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_whitelist api_key X-API-KEY key_1.4
api_key X-API-KEY key_1.4 added to whitelist

  • To add a username to an allow list, run the add_whitelist command with the username option:

    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin add_whitelist username user1
username user1 added to whitelist

  • To view an allow list, run the view_whitelist command:

    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin view_whitelist
Whitelist
1) type : ip, value : 1.1.1.1
2) type : cookie, name : JSESSIONID, value : cookie_1.1
3) type : token, value : token1.3
4) type : api_key, name : X-API-KEY, value : key_1.4

  • To delete an entry from an allow list, run the delete_whitelist command:

    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_whitelist ip 4.4.4.4
ip 4.4.4.4 deleted from whitelist

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_whitelist cookie JSESSIONID cookie_1.1
cookie JSESSIONID cookie_1.1 deleted from whitelist

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_whitelist token token1.1
token token1.1 deleted from whitelist

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_whitelist api_key X-API-KEY key_1.4
api_key X-API-KEY key_1.4 deleted from whitelist

/opt/pingidentity/ase/bin/cli.sh -u admin -p admin delete_whitelist username user1
username user1 deleted from whitelist

  • To clear the allow list, run the clear_whitelist command:

    /opt/pingidentity/ase/bin/cli.sh -u admin -p admin clear_whitelist
This will delete all whitelist Attacks, Are you sure (y/n) : y
Whitelist cleared