Page created: 6 Nov 2020
|
Page updated: 12 May 2021
Check ABS port availability
The default ports for connection with ABS are 8080 and 9090. Run the check_ports.sh script on the ASE machine to determine accessibility of ABS. Input ABS host IP address and ports as arguments.
/opt/pingidentity/ase/util ./check_ports.sh {ABS IPv4:[port]}Configure ASE
Update abs.conf located in the ASE
/opt/pingidentity/ase/config directory with ABS Engine address and
authentication keys:
- Configure abs_endpoint with the ABS Engine management IP address / host
name and port number (Default: 8080) which was configured in the
/opt/pingidentity/abs/config/abs.properties file. Note: Note: If ABS is in a different AWS security group, use a private IP address
- Configure ABS access_key and secret_key using the key values from the abs_init.js file located in /opt/pingidentity/abs/mongo.
Here is a sample abs.conf file:
; API Security Enforcer ABS configuration.
; This file is in the standard .ini format. The comments start with a semicolon (;).
; Following configurations are applicable only if ABS is enabled with true.
; a comma-separated list of abs nodes having hostname:port or ipv4:port as an address.
abs_endpoint=127.0.0.1:8080
; access key for abs node
access_key=OBF:AES://ENOzsqOEhDBWLDY+pIoQ:jN6wfLiHTTd3oVNzvtXuAaOG34c4JBD4XZHgFCaHry0
; secret key for abs node
secret_key=OBF:AES:Y2DadCU4JFZp3bx8EhnOiw:zzi77GIFF5xkQJccjIrIVWU+RY5CxUhp3NLcNBel+3Q
; Setting this value to true will enable encrypted communication with ABS.
enable_ssl=true
; Configure the location of ABS's trusted CA certificates. If empty, ABS's certificate
; will not be verified
abs_ca_cert_path=Important: Make sure that ASE and ABS are in the same time zone.