Configuring Apigee for PingAccess integration - PingAccess - 7.2

Install the PingAuth shared flow bundle in Apigee and configure it to integrate with PingAccess.

  1. Upload the shared flow bundle.
    • If you are using Apigee X, go to Develop > Shared Flows and click Upload Bundle. Upload the PingAuth shared flow .zip file, and name the shared flow PingAuth.
    • If you are using Apigee Edge or Apigee Private Cloud, click +Shared Flow, then click Upload Bundle. Upload the PingAuth shared flow bundle .zip file, and name the shared flow PingAuth.
    This screen capture shows the Create a Shared Flow window with the text PingAuth entered in the Name field.
  2. If you are using Apigee X, configure the connection to PingAccess.
    Note:

    Unlike Apigee Edge, Apigee X doesn't currently support managing the configuration values stored in key value maps in the Apigee interface. You must add these configuration values to the key value map policy. The key value map is created and the configuration values are added the first time the PingAuth shared flow is executed at runtime.

    1. Go to the PingAuth shared flow at Develop > Shared Flows > PingAuth.
    2. Click the Develop tab and examine Revisions to make sure you are on the latest revision.
    3. In the Policies panel on the left, click the Load KVM Config policy.
    4. In the policy editor panel, remove the comment lines above and below the InitialEntries element.
    5. Edit the values for service_host_port and shared_secret to match the values that you obtained earlier.
    6. Click Save.
    This screen capture shows a completed Apigee X configuration. The service_host_port parameter is highlighted.
  3. If you are using Apigee Edge or Apigee Private Cloud, configure the connection to PingAccess.

    Apigee Edge stores environment-specific configuration values in key value maps so that the same policies can be used across multiple deployment environments without any changes to the policies.

    1. Go to Environment > Key Value Maps and click +Key Value Map.
    2. Edit the key value map and click Add Entry. Use the key names service_host_port and shared_secret, and set the values to match the ones that you obtained earlier.
    3. Click Save.
    This screen capture shows a completed Apigee Edge or Apigee Private Cloud configuration on the Key Value Maps tab.
  4. Optional: Configure HTTPS trust for PingAccess.

    By default, the PingAuth shared flow trusts the PingAccess Sideband Listener HTTPS certificate only if it is issued by a well-known CA. To trust specific HTTPS certificates for PingAccess servers:

    1. Go to the PingAuth shared flow at Develop > Shared Flows > PingAuth.
    2. Click the Develop tab and examine Revisions to make sure you are on the latest revision.
    3. In the Policies section of the Navigator, click the Sideband Call policy.
    4. In the policy editor panel, remove the comment characters surrounding the TrustStore element.
      Screen capture of the policy editor panel. The uncommented TrustStore element is highlighted.
    5. Click Save.
    6. Go to Environment > TLS Keystores and click +Keystore.
    7. Give the key store a name that helps you identify your PingAccess environment, such as PingAccess-dev-truststore.
    8. Click + to add a certificate, give the certificate an alias, and upload the certificate that you obtained earlier. Click Save.
      This screen capture shows a configured TLS keystore certificate.
    9. Go to Environment > References and click +Reference.
    10. In the Name field, enter PingAuthTrust.
    11. Select the key store you created earlier, then click Save.
      This screen capture shows a configured PingAuthTrust reference.
  5. Deploy the shared flow:
    1. Go to Develop > Shared Flows > PingAuth.
    2. Deploy the most recent revision of the shared flow to your environment.
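
A pre-deployment check for the edits made in steps 2 and 4, as an added example that is not part of the PingAuth bundle or the product documentation: it parses policy XML and reports whether the InitialEntries and TrustStore elements are still commented out or left empty. The sample policies are constructed in the general shape of Apigee KeyValueMapOperations and ServiceCallout policies; the mapIdentifier, host, secret, `ref://PingAuthTrust` value and the function names are assumptions, and the real bundle files may differ.

```python
import xml.etree.ElementTree as ET

# Constructed samples in the general shape of Apigee KeyValueMapOperations and
# ServiceCallout policies. mapIdentifier, host, secret and the ref:// target
# are assumptions; the real PingAuth bundle files may differ.
KVM_POLICY = """<KeyValueMapOperations name="Load KVM Config" mapIdentifier="PingAuthConfig">
  <InitialEntries>
    <Entry><Key><Parameter>service_host_port</Parameter></Key><Value>pa.example.com:8443</Value></Entry>
    <Entry><Key><Parameter>shared_secret</Parameter></Key><Value>EXAMPLE-SECRET</Value></Entry>
  </InitialEntries>
</KeyValueMapOperations>"""

SIDEBAND_COMMENTED = """<ServiceCallout name="Sideband Call">
  <HTTPTargetConnection>
    <SSLInfo>
      <Enabled>true</Enabled>
      <!-- <TrustStore>ref://PingAuthTrust</TrustStore> -->
    </SSLInfo>
  </HTTPTargetConnection>
</ServiceCallout>"""

def kvm_entries(policy_xml):
    """Return {key: value} for active InitialEntries; the parser drops XML comments."""
    root = ET.fromstring(policy_xml)
    entries = {}
    for entry in root.findall("./InitialEntries/Entry"):
        key = (entry.findtext("./Key/Parameter") or "").strip()
        entries[key] = (entry.findtext("./Value") or "").strip()
    return entries

def check_kvm(policy_xml, required=("service_host_port", "shared_secret")):
    """List problems with the step 2 edit (empty list means it looks applied)."""
    entries = kvm_entries(policy_xml)
    problems = [f"{k}: missing or empty (InitialEntries still commented out?)"
                for k in required if not entries.get(k)]
    host_port = entries.get("service_host_port", "")
    # The host:port format is assumed from the key name.
    if host_port and not host_port.rpartition(":")[2].isdigit():
        problems.append("service_host_port: expected host:port")
    return problems

def check_truststore(policy_xml, expected_ref="ref://PingAuthTrust"):
    """List problems with the step 4 edit (empty list means it looks applied)."""
    store = ET.fromstring(policy_xml).findtext(".//SSLInfo/TrustStore")
    if store is None:
        return ["TrustStore: not active, only certificates from well-known CAs are trusted"]
    if store.strip() != expected_ref:
        return [f"TrustStore: {store.strip()!r} does not reference {expected_ref}"]
    return []
```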