Prerequisites - PingIntelligence for APIs

Prerequisites - PingIntelligence for APIs - 4.4

PingIntelligence

bundle

pingintelligence-44

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 4.4

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-44

pingintelligence

private

ContentType_ce

Page created: 6 Nov 2020 |

Page updated: 12 May 2021

| 2 min read

4.4 Capability API Security Advanced API Cybersecurity Linux On-Premises Operating System Hosting Environment PingIntelligence for APIs Product Administration User task Configuration Configuration Integration

Complete the following prerequisites before deploying the PingIntelligence policy on APIM:

Prerequisite:

Confirm that the Azure API Management Service is available
Version : The PingIntelligence policy supports Azure APIM Q2CY2020 version. If you are using any other version, contact Ping Identity support.
Confirm that the APIs to which you want to apply the PingIntelligence policy are available
Configure CA certificate in APIM: If you want to use the ASE self-signed certificate, then configure the CA certificate from the Security -> CA certificates section.
PingIntelligence policy application
Select one of the following four levels to apply the PingIntelligence policy: .
- For all the APIs
- For a group of APIs, that is, at the product level
- For individual APIs
- For a specific operation in the API
PingIntelligence software installation
Install and configure PingIntelligence software. Refer to the PingIntelligence deployment guide for your environment.

Verify that ASE is in sideband mode

Check that ASE is in sideband mode by running the following ASE command:

/opt/pingidentity/ase/bin/cli.sh status
API Security Enforcer
status                  : started
mode                    : sideband

http/ws                 : port 80
https/wss               : port 443
firewall                : enabled
abs                     : disabled, ssl: enabled
abs attack              : disabled
audit                   : enabled
sideband authentication : disabled
ase detected attack     : disabled
attack list memory      : configured 128.00 MB, used 25.61 MB, free 102.39 MB
google pubsub           : disabled
log level               : debug
timezone                : local (UTC)

If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE.

Enable sideband authentication: For a secure communication between APIM and ASE, enable sideband authentication by entering the following ASE command:
```
# ./bin/cli.sh enable_sideband_authentication -u admin –p
```
Generate sideband authentication token
A token is required for APIM to authenticate with ASE. To generate the token in ASE, enter the following ASE command:
```
# ./bin/cli.sh -u admin -p admin create_sideband_token
```
Save the generated authentication token for further use.