Configuring the authorization plugin for Kong Gateway
Learn how to configure the authorization plugin to set up a connection between Kong Gateway and PingOne.
Before you begin
Make sure the pingoneauthorize-api-tutorials container is running in Docker.
Steps
- To access Kong Manager, go to http://localhost:8002.
- Select the default workspace, and then go to API Gateway > Plugins.
The ping-auth plugin is already installed in your tutorial environment. Now you’ll configure it.
- Click the More Options (⋮) icon next to the ping-auth plugin and select Edit.
- On the Edit Plugin: ping-auth page, click the toggle to enable the plugin.
Next, you’ll enter the service URL by copying it from PingOne Authorize.
- In the PingOne admin console, go to Authorization > API Gateways.
This is where you register the gateway and authorize it to work with PingOne.
- Copy the Service URL and enter it in the service_url field in Kong Manager.
You need a credential to authorize Kong Gateway to connect to PingOne. First, add the gateway.
- In PingOne, click the icon next to API Gateways to add a gateway.
- Enter Kong for the name of the gateway, and then click Save.
Next, you’ll get the gateway credential to authorize Kong.
- Click the icon next to Credentials and copy the credential. Click Done.
The gateway credential is the shared secret that authenticates the ping-auth plugin to PingOne Authorize. Version 1.2.0 of the plugin supports referenceable secrets. For security reasons, store the gateway credential in a vault supported by Kong. Learn more in Secrets Management and Environment Variables Vault in the Kong documentation.
- In Kong Manager, enter the gateway credential in the shared_secret field.
- Click Save, and then click Update Plugin.
Result:
Kong Gateway is configured to work with PingOne. Try the Postman request again to see if access has changed.
- In Postman, select the Get all memes by user.0 request and click Send.
Result:
You receive a 404 Not Found error. This is because PingOne doesn’t recognize the Meme Game API yet. By default, requests to unknown APIs fail closed, ensuring that access to an unknown API is blocked.
Troubleshooting:
Not getting the right results? Learn more in Viewing API Access Management events in your PingOne environment audit log.
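The following Python check is an added example, not part of the original tutorial or of the plugin's code. It audits the ping-auth entries in a GET /plugins response from the Kong Admin API and flags a shared_secret stored as plaintext instead of a {vault://...} reference. The sample response, the plugin ids, and the extra https check on service_url are constructed for illustration, and the check assumes the Admin API returns the reference string unresolved.

```python
import json
import re
from urllib.parse import urlparse

# Kong vault reference syntax: {vault://<backend-or-prefix>/<key>[/<sub-key>]}
VAULT_REF = re.compile(r"^\{vault://[a-z0-9_-]+/[^{}\s]+\}$")

# Constructed sample shaped like a Kong Admin API GET /plugins response.
SAMPLE_PLUGINS = json.dumps({"data": [
    {"id": "constructed-id-1", "name": "ping-auth", "enabled": True,
     "config": {"service_url": "https://pingone.example/constructed",
                "shared_secret": "{vault://env/pingone-gateway-credential}"}},
    {"id": "constructed-id-2", "name": "ping-auth", "enabled": False,
     "config": {"service_url": "http://pingone.example/constructed",
                "shared_secret": "constructed-plaintext-credential"}},
    {"id": "constructed-id-3", "name": "rate-limiting", "enabled": True,
     "config": {"minute": 5}},
]})


def audit_ping_auth(plugins_json):
    """Return {plugin id: [findings]} for every ping-auth entry."""
    report = {}
    for plugin in json.loads(plugins_json).get("data", []):
        if plugin.get("name") != "ping-auth":
            continue  # other plugins are out of scope for this check
        config = plugin.get("config") or {}
        findings = []
        if not plugin.get("enabled"):
            findings.append("plugin is disabled")
        secret = config.get("shared_secret") or ""
        if not VAULT_REF.match(secret):
            # Never echo the value itself; it may be the live credential.
            findings.append("shared_secret is not a vault reference")
        if urlparse(config.get("service_url") or "").scheme != "https":
            findings.append("service_url is not https")
        report[plugin.get("id")] = findings
    return report


if __name__ == "__main__":
    for plugin_id, findings in audit_ping_auth(SAMPLE_PLUGINS).items():
        print(plugin_id, "OK" if not findings else "; ".join(findings))
```

With the Environment Variables Vault, the reference {vault://env/pingone-gateway-credential} resolves to the PINGONE_GATEWAY_CREDENTIAL environment variable on the Kong node; that variable name is a hypothetical choice for this example.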
Result
Now you have Kong Gateway connected to PingOne so that you can manage its access control behavior in PingOne.
Next steps
In the last step, the request was blocked because PingOne isn’t configured to recognize the Meme Game API yet. Let’s tackle that next.