Apigee might return HTTP 502 when there is misconfiguration or miscommunication between the PingAuth Shared Flow for Apigee and PingAuthorize Server.

To address 5xx errors, make adjustments to the Load KVM Config policy assigned to PingAuth in Apigee X or the key value map that you created for the PingAuth Shared Flow in Apigee Edge or Apigee Private Cloud.

The PingAuth Shared Flow for Apigee logs warning messages to the Apigee error log when it encounters problems communicating with PingAuthorize. For more information, see Enable logging in Apigee.

  • Check the PingAuth Shared Flow service_host_port value.

    If the Apigee service_host_port value does not match your PingAuthorize server environment, the Apigee error log message might indicate that the plugin received an invalid response from the server.

    1. Confirm that the value entered for service_host_port matches the host name of your PingAuthorize server and the port of the HTTPS connection handler.

      You can find this port number on the Configuration page of the PingAuthorize administration console by going to System > Connection Handlers.

    2. If necessary, update the service_host_port value to match your PingAuthorize server.
  • Check the PingAuth Shared Flow shared secret.

    If the shared secret doesn’t match the API gateway credential in PingAuthorize, the Apigee error log message might indicate that the plugin received an HTTP 401 error from PingAuthorize, which gets translated to a 5xx error and then sent to the API client.

    1. Confirm that the value of the shared_secret key that you created in Apigee matches the shared secret value that you created for PingAuthorize.
    2. If necessary, on the Configuration page of the PingAuthorize administration console, go to Web Services and Applications > HTTP Servlet Extensions > Sideband API and update the value of the shared secret.
    3. Copy the new value of the shared secret and update the value of the Apigee shared_secret key.