A PingAccess API access management sideband deployment enables an organization to quickly set up an environment that provides a secure method of managing access rights to API-based applications while integrating with existing identity management infrastructure and requiring minimal network configuration changes.
With growing numbers of internal and external users, and more enterprise resources
available online, ensure that qualified users can access only those applications to
which they have permission. An
The PingAccess sideband plugin is installed on the API gateway serving the protected API applications and is configured to communicate with a PingAccess server that is also deployed on the network. When the API gateway intercepts a client request to a protected API resource, it performs the following actions:
- Intercepts inbound requests to API applications
- Sends requests to the PingAccess sideband API endpoint, sending along relevant request information needed by the policy server
- Receives responses from the policy server, follows its instructions, modifies the request as specified, and allows the request to proceed to the target resource
- Intercepts responses from the application
- Sends requests to the PingAccess sideband API endpoint, sending along relevant response information needed by the policy server
- Applies modifications from the policy server and relays the response
The PingAccess policy server listens for agent requests and performs the following actions:
- Evaluates application and resource-level policies and validates the tokens in conjunction with an OpenID Connect (OIDC) Policy configured within PingFederate
- Acquires the appropriate HTTP request header configuration from the associated identity mappings
- Sends a response with instructions on whether to allow the request and how to modify the client request headers
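
A minimal model of the request-phase exchange described in the two lists above, as an added example; it is not PingAccess code and does not reproduce the sideband API's wire format. The function names, header names, token table and policy table are all hypothetical and constructed, and failing closed on a policy-server error and denying unlisted resources are choices of this example.

```python
# Added illustration of the sideband request phase. Every name, header and
# table below is hypothetical and constructed; none is PingAccess's own API.
from dataclasses import dataclass, field

IDENTITY_HEADERS = {"x-user", "x-groups"}   # assumed identity-mapping headers
VALID_TOKENS = {"tok-alice": {"sub": "alice", "groups": "billing"}}  # sample
POLICY = {"/api/invoices": "billing"}       # sample: resource -> required group


@dataclass
class Decision:
    allow: bool
    status: int
    set_headers: dict = field(default_factory=dict)


def policy_server(method, path, headers):
    """Policy-server role: validate the token, evaluate the resource policy,
    and answer with allow/deny plus the headers the gateway must set."""
    auth = headers.get("authorization", "")
    claims = VALID_TOKENS.get(auth[7:] if auth.startswith("Bearer ") else "")
    if claims is None:
        return Decision(False, 401)
    required = POLICY.get(path)          # unlisted resource -> deny (assumption)
    if required is None or required not in claims["groups"].split(","):
        return Decision(False, 403)
    return Decision(True, 200,
                    {"x-user": claims["sub"], "x-groups": claims["groups"]})


def gateway_handle(method, path, headers, sideband=policy_server):
    """Gateway-plugin role: returns (status, headers forwarded to the API)."""
    headers = {k.lower(): v for k, v in headers.items()}
    try:
        decision = sideband(method, path, dict(headers))
    except Exception:
        return 503, None                 # fail closed (assumption of this sketch)
    if not decision.allow:
        return decision.status, None     # request never reaches the API
    # Drop identity headers the client supplied, then apply the policy
    # server's instructions, so the API only sees server-asserted identity.
    forwarded = {k: v for k, v in headers.items() if k not in IDENTITY_HEADERS}
    forwarded.update(decision.set_headers)
    return 200, forwarded
```

The point to check in a real deployment is the last step: the target API should trust identity headers only when they were set from the policy server's response, never when they arrived from the client.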