Confirm that the following prerequisites are met before using the PingIntelligence Apigee tool.
- Apigee version - PingIntelligence 4.0 and later works with Apigee Edge Cloud 18.12.04
- The machine where the PingIntelligence Apigee tool is installed has anyone of OpenJDK versions between 11.0.2 to 11.0.6 installed.
-
PingIntelligence software installation
PingIntelligence 4.0 or later software are installed and configured. For installation of PingIntelligence software, see the manual or platform specific automated deployment guides.
Verify that ASE is in sideband mode
Make sure that in ASE is insideband
mode by running the following command in the ASE command line:
If ASE is not in/opt/pingidentity/ase/bin/cli.sh status API Security Enforcer status : started mode : sideband http/ws : port 80 https/wss : port 443 firewall : enabled abs : enabled, ssl: enabled abs attack : disabled audit : enabled sideband authentication : disabled ase detected attack : disabled attack list memory : configured 128.00 MB, used 25.60 MB, free 102.40 MB
sideband
mode, then stop ASE and change the mode by editing the/opt/pingidentity/ase/config/ase.conf
file. Setmode
assideband
and start ASE.-
Enable sideband authentication: For a secure communication between Apigee
Edge and ASE, enable sideband authentication by entering the following command
in the ASE command line:
# ./bin/cli.sh enable_sideband_authentication -u admin –p
-
Generate sideband authentication token
A token is required for Apigee Edge to authenticate with ASE. This token is generated in ASE and configured in the
apigee.properties
file of PingIntelligence automated policy tool. To generate the token in ASE, enter the following command in the ASE command line:
Save the generated authentication token for further use.# ./bin/cli.sh -u admin -p admin create_sideband_token
- Verify the certificate in ase.pem in case of self-signed
certificatesMake sure that the certificate applied for ASE data port matches with the certificate present in the ase.pem certificate file to prevent SSL issues after policy deployment. Run the following command to obtain the certificate used in ASE data port. If the certificates do not match, paste the correct certificate in the /opt/pingidentity/pi/apigee/certs/ase.pem file.
# openssl s_client -showcerts -connect <ASE IP address>:<port no> </dev/null 2>/dev/null | openssl x509 -outform PEM > ase.pem