Configuring Kong Gateway for PingOne Authorize integration
Install the integration kit in Kong Gateway and configure it to integrate with PingOne Authorize.
About this task
Install the integration kit using LuaRocks.
Steps
-
Install and load the plugin by following the LuaRocks steps in Kong’s installation guide.
-
To install using LuaRocks, run the command:
luarocks install kong-plugin-ping-auth
-
After installation, load the plugin into Kong by editing the following property in
kong.conf
:plugins = bundled,ping-auth
.Alternatively, use the environment variable
KONG_PLUGINS = bundled,ping-auth
. -
Start or restart Kong.
-
To confirm loading, look for the debug-level message
Loading plugin: ping-auth
in Kong’serror.log
.
-
-
In Kong Manager, click your default workspace, and then click Plugins.
-
Click Edit next to the
ping-auth
plugin. -
Click the toggle to enable the plugin.
-
If you want to enable the plugin for specific consumers, services, or routes, click Scoped and then enter Service, Route, and Consumer information as needed.
-
Paste the Service URL from the API Gateway you added in PingOne Authorize into the Config.Service Url field in Kong Manager.
This is the full URL of the Ping Identity policy provider.
-
Paste the API Gateway credential you created in PingOne Authorize into the Config.Shared Secret field in Kong Manager.
The shared secret authenticates the authorization plugin to PingOne Authorize.
-
If needed, configure additional options in Kong Manager.
Option Description Config.Connection KeepAlive Ms
The duration to keep the connection alive for reuse. The default is
6000
.Config.Connection Timeout Ms
The duration to wait before the connection times out. The default is
10000
.Config.Enable Debug Logging
Controls if requests and responses are logged at the debug level. The default is
false
.For log messages to show in the
error.log
, you must setlog_level = debug
inkong.conf
.Config.Verify Service Certificate
Controls whether the service certificate is verified. This is intended for testing purposes, and the default is
true
. -
Click Update, and then click Update Plugin.
Result:
Kong Gateway is now configured to work with PingOne Authorize.
Next steps
Define a managed API service that represents your API so that PingOne Authorize can help your API gateway enforce access control. For more information, see Defining your API in PingOne Authorize.