Configuring the ping-auth plugin in Konnect
After you’ve uploaded the ping-auth
plugin’s schema to Konnect, configure the plugin in Gateway Manager, or use the Kong API.
Test the operation of the |
-
Gateway Manager UI
-
Kong API
Configuring the plugin using the Gateway Manager UI
Steps
-
In Gateway Manager, open Plugins from the side navigation, then click New Plugin.
-
On the Custom Plugins tab, click the ping-auth plugin.
-
Optional: To enable the plugin for specific consumers, services, or routes, click Scoped, and then enter Service, Route, and Consumer information.
-
In the Service Url field, enter the API gateway service URL that you saved when you prepared PingOne Authorize for Konnect integration.
-
In the Shared Secret field, enter the credential that you saved earlier.
-
Configure the following additional fields:
Option API Field Name Description Connection KeepAlive Ms
connection_keepAlive_ms
The duration to keep the connection alive for reuse. The default is
60000
.Connection Timeout Ms
connection_timeout_ms
The duration to wait before the connection times out. The default is
10000
.Enable Debug Logging
enable_debug_logging
Controls if the requests and responses are logged at the debug level. The default is
false
. For log messages to show inerror.log
, you must setlog_level = debug
inkong.conf
.Verify Service Certificate
verify_service_certificate
Controls whether the service certificate is verified. This is intended for testing purposes and the default is
true
. -
Click Save.
Result
Kong Konnect is now configured to work with PingOne Authorize.
Configuring the plugin using the Kong API
Steps
-
Send the following in a
POST
request tohttps://{region}.api.konghq.com/konnect-api/api/runtime_groups/{controlPlaneId}/plugins
:{ "name": "ping-auth", "enabled": true, "config": { "enable_debug_logging": true, "verify_service_certificate": false, "secret_header_name": "<shared secret header name>", "service_url": "https://<PingOne Server hostname>", "shared_secret": "<shared secret>" } }
The following fields are required for this API request:
Secret_header_name
-
The header name in which the shared secret is provided. You can provide additional configuration in accordance with the Kong API specification.
Service_url
-
The full service URL of the API gateway in PingOne.
Shared_secret
-
The shared secret value to authenticate this plugin to PingOne.
You saved these credentials when you prepared PingOne Authorize for Konnect integration. To find the credentials in PingOne, go to Authorization → API Gateways.
-
Optional: Configure additional fields:
Option API Field Name Description Connection KeepAlive Ms
connection_keepAlive_ms
The duration to keep the connection alive for reuse. The default is
60000
.Connection Timeout Ms
connection_timeout_ms
The duration to wait before the connection times out. The default is
10000
.Enable Debug Logging
enable_debug_logging
Controls if the requests and responses are logged at the debug level. The default is
false
. For log messages to show inerror.log
, you must setlog_level = debug
inkong.conf
.Verify Service Certificate
verify_service_certificate
Controls whether the service certificate is verified. This is intended for testing purposes and the default is
true
.
Result
Kong Konnect is now configured to work with PingOne Authorize.