Before Apigee can use PingAccess as an external authorization policy runtime service, you must prepare PingAccess to receive authorization requests from Apigee.
  1. Enable the Sideband service:
    1. Edit the <PA Home>/conf/ file and set sideband.http.enabled=true.
    2. Optional: By default, PingAccess will listen for sideband clients on port 3020. You can choose a different port by editing the value of the sideband.http.port property.
    3. Restart PingAccess.
  2. Add a sideband client for Apigee:
    1. Go to Applications > Sideband Clients and click +Add Sideband Client.
    2. Give the client a name that helps you identify the Apigee environment, such as Apigee-dev.
    3. Click +Add Secret.
    4. Keep the header name of CLIENT-TOKEN unchanged, and copy the shared secret value.

      You will need thisduring the Apigee configuration.

    5. Click Save.
  3. Optional: Download the sideband listener HTTPS certificate.

    By default, the PingAuth shared flow is configured to only trust the PingAccess Sideband Listener HTTPS certificate if it is issued from a well-known certificate authority (CA). To trust specific HTTPS certificates for PingAccess servers:

    1. Go to Security > Key Pairs.
    2. Click the Pencil icon next to the key pair labeled SIDEBAND.
    3. Click Download Certificate and save the public key certificate. You will need this during the Apigee configuration.