PingOne

Configuring the authorization plugin for Kong Gateway

Learn how to configure the authorization plugin to set up a connection between Kong Gateway and PingOne.

Before you begin

Make sure the pingoneauthorize-api-tutorials container is running in Docker.

Steps

  1. To access Kong Manager, go to http://localhost:8002.

  2. Select your default workspace, and then go to API Gateway → Plugins.

    Screen capture of the Plugins page in Kong Manager showing the ping-auth plugin.

    The ping-auth plugin is already installed in your tutorial environment. Now you’ll configure it.

  3. Click Edit, and then click the toggle to enable the plugin.

    Screen capture of the Enable toggle for the ping-auth plugin in Kong Manager.

    Next, you’ll enter the service URL by copying it from PingOne Authorize.

  4. In PingOne, go to Authorization > API Gateways.

    This is where you register the gateway and authorize it to work with PingOne.

    Screen capture of the API Gateways page in PingOne Authorize.

  5. Copy the Service URL and enter it in the Config.Service Url field in Kong Manager.

    Screen capture of ping-auth plugin Config.Service Url and Config.Shared Secret fields in Kong Manager.

    You need a credential to authorize Kong Gateway to connect to PingOne. First, add the gateway.

  6. In PingOne, click the icon next to API Gateways to add a gateway.

  7. Enter Kong for the name of the gateway, and then click Save.

    Screen capture of the Add an API Gateway window in PingOne Authorize.

    Next you’ll get the gateway credential to authorize Kong.

  8. Click the icon next to Credentials and copy the credential. Click Done.

    Screen capture of the API Gateway credential window in PingOne Authorize.

  9. Enter the credential in the Config.Shared Secret field in Kong Manager.

  10. Click Update, and then click Update Plugin.

    Result:

    Kong Gateway is configured to work with PingOne. Try the Postman request again to see if access has changed.

  11. In Postman, select the Get all memes by user.0 request and click Send.

    Result:

    You receive a 404 Not Found error. This is because PingOne doesn’t recognize the Meme Game API yet. By default, requests to unknown APIs fail closed, ensuring that access to an unknown API is blocked.

    Troubleshooting:

    Not getting the right results? See Viewing API Access Management events in your PingOne environment audit log.

Result

Now you have Kong Gateway connected to PingOne so that you can manage its access control behavior in PingOne.

Next steps

In the last step, the request was blocked because PingOne isn’t configured to recognize the Meme Game API yet. Let’s tackle that next.