PingOne

Configuring Kong Gateway for PingOne Authorize integration

Install the integration kit in Kong Gateway and configure it to integrate with PingOne Authorize.

About this task

Install the integration kit using LuaRocks.

Steps

  1. Install and load the plugin by following the LuaRocks steps in Kong’s installation guide.

    1. To install using LuaRocks, run the command:

      luarocks install kong-plugin-ping-auth
    2. After installation, load the plugin into Kong by editing the following property in kong.conf: plugins = bundled,ping-auth.

      Alternatively, use the environment variable KONG_PLUGINS = bundled,ping-auth.

    3. Start or restart Kong.

    4. To confirm loading, look for the debug-level message Loading plugin: ping-auth in Kong’s error.log.

  2. In Kong Manager, click your default workspace, and then click Plugins.

    Screen capture of the Plugins page in Kong Manager.
  3. Click Edit next to the ping-auth plugin.

  4. Click the toggle to enable the plugin.

    Screen capture of the Enable toggle for the ping-auth plugin in Kong Manager.
  5. If you want to enable the plugin for specific consumers, services, or routes, click Scoped and then enter Service, Route, and Consumer information as needed.

  6. Paste the Service URL from the API Gateway you added in PingOne Authorize into the Config.Service Url field in Kong Manager.

    This is the full URL of the Ping Identity policy provider.

    Screen capture of ping-auth plugin configuration fields in Kong Manager.
  7. Paste the API Gateway credential you created in PingOne Authorize into the Config.Shared Secret field in Kong Manager.

    The shared secret authenticates the authorization plugin to PingOne Authorize.

  8. If needed, configure additional options in Kong Manager.

    Option Description

    Config.Connection KeepAlive Ms

    The duration to keep the connection alive for reuse. The default is 6000.

    Config.Connection Timeout Ms

    The duration to wait before the connection times out. The default is 10000.

    Config.Enable Debug Logging

    Controls if requests and responses are logged at the debug level. The default is false.

    For log messages to show in the error.log, you must set log_level = debug in kong.conf.

    Config.Verify Service Certificate

    Controls whether the service certificate is verified. This is intended for testing purposes, and the default is true.

  9. Click Update, and then click Update Plugin.

    Result:

    Kong Gateway is now configured to work with PingOne Authorize.

Next steps

Define a managed API service that represents your API so that PingOne Authorize can help your API gateway enforce access control. For more information, see Defining your API in PingOne Authorize.