Integrating PingOne Authorize with Kong Gateway

Ping Identity’s integration kit for Kong extends Kong’s authorization capabilities through an external policy evaluation service.

Integration with Kong Gateway allows centralized management of API access control and application protection in PingOne Authorize while delegating enforcement to Kong Gateway. Learn more about how traffic flows through Kong Gateway and PingOne Authorize in How API Access Management works.

Configure the integration kit in Kong Gateway to enable management of access control rules in PingOne Authorize. The integration kit works with Kong Gateway or Kong Konnect.

Support for Kong Konnect is available in version 1.0.8 and later of the ping-auth plugin.

To configure the integration kit:

Set up an API gateway in PingOne Authorize.
Configure the ping-auth plugin in Kong Gateway.

The following are important usage notes for the Kong Gateway integration kit:

Transfer-encoding: A Kong limitation currently prevents the ping-auth plugin from supporting the Transfer-Encoding header, regardless of the value.
Logging limit: Because of Kong’s log level limit, log messages are limited to 2048 bytes by default, which is less than the size of many requests and responses. Learn more in the OpenResty reference documentation.
Request body limit: The ping-auth plugin might not receive client request bodies that exceed Kong’s default buffer limit of 8 KB. If the request body is missing, check the nginx_http_client_body_buffer_size setting in kong.conf and increase its value to accommodate your maximum expected request body size. Learn more in nginx_http_client_body_buffer_size.