Page created: 6 Nov 2020
|
Page updated: 12 May 2021
The apigee.properties file is required for all sideband Apigee configurations.
It is used to set properties for PingIntelligence policy tool after installation. It can
also be optionally configured to capture the user information. The file is available in
the /pingidentity/apigee/config/ directory.
The following table describes the variables in the file.
| Variable | Description |
|---|---|
configuration_store
|
Choose where ASE token is stored. The possible values are
kvm and custom. The default is
custom. When custom is chosen,
the ASE token is configured inside the PingIntelligence policy and
uploaded to Apigee Edge directly. When kvm is
chosen, the ASE token is stored in the KVM store. |
apigee_url
|
URL to connect to Apigee Edge Note: If your Apigee installation is on a private cloud,
then change the URL to the one that matches your Apigee
management server API IP:Port or hostname with
protocol. |
apigee_username
|
Username to connect to Apigee Edge |
apigee_password
|
Password to connect to Apigee Edge |
apigee_environment
|
The target environment for the PingIntelligence shared flow |
apigee_organization
|
The target organization for the PingIntelligence shared flow |
ase_host_primary
|
The ASE primary host IP address and port or hostname and port |
ase_host_secondary
|
The ASE secondary host IP address and port or hostname and
port. Note: This field cannot be left empty. In a testing environment, you
can provide the same IP address for primary and secondary ASE
host.
|
ase_ssl
|
Enable or disable SSL communication between Apigee Edge and ASE.
The default value is true. |
ase_sideband_token
|
Configure the ASE token generated during the prerequisite step. |
| Configuration properties to extract user information | |
enable_oauth_policy |
Choose whether to use the PingIntelligence OAuth Policy to extract
user_info or not. Possible values are
true or false. The default
value is false.
|
access_token_position |
Location of access_token in the API request. Possible values are
header or queryparam. The
default value is header. It is used in the
OAuthPolicy. For
example.Note: At present only Bearer prefix is supported in
Authorization header by Apigee. |
access_token_variable |
A variable to hold access_token value. The default value is
Authorization. It is used in the OAuthPolicy.
For
example, |
username_key_mapping |
This is used in the PingIntelligence policy to set the key of
username attribute in
access_token info. The default value is
username. |
client_id_key_mapping |
This is used in the PingIntelligence policy to set the key of
client_id attribute in
access_token info. The default value is
client_id. |
| Timeout configurations | |
connect_timeout |
Connection timeout in milliseconds between Apigee API gateway and PingIntelligence ASE. |
io_timeout |
Read timeout in milliseconds between Apigee API gateway and PingIntelligence ASE. |
keepalive_timeout |
Connection keepalive timeout between Apigee API gateway and PingIntelligence ASE. Make
sure that enable_keepalive to
true in ase.conf for
keepalive configuration to take effect.Note: Make sure that the
enable_sideband_keepalive is set to
true in ase.conf file
for keepalive connection between Apigee API gateway and ASE. For
more information, see ASE configuration - ase.conf. |
Note: Backslashes ' \' are not supported in
username and client_id values.The following is a sample apigee.properties file.
# Copyright 2020 Ping Identity Corporation. All Rights Reserved.
# Ping Identity reserves all rights in The program as delivered. Unauthorized use, copying,
# modification, reverse engineering, disassembling, attempt to discover any source code or
# underlying ideas or algorithms, creating other works from it, and distribution of this
# program is strictly prohibited. The program or any portion thereof may not be used or
# reproduced in any form whatsoever except as provided by a license without the written
# consent of Ping Identity. A license under Ping Identity's rights in the Program may be
# available directly from Ping Identity.
# KVM Mode kvm/custom
configuration_store=custom
# Apigee management server URL
apigee_url=https://api.enterprise.apigee.com
# Apigee management server username
apigee_username=
# Apigee management server username
apigee_password=
# Apigee environment to which it should be deployed
apigee_environment=prod
# Apigee organization name
apigee_organization=
# ASE Primary Host <IP/Host>:<port>
ase_host_primary=
# ASE Secondary Host <IP/Host>:<port>
ase_host_secondary=
# ASE SSL status
ase_ssl=true
# ASE sideband authentication token
ase_sideband_token=none
# Enable OAuth Policy (allowed values: true | false)
enable_oauth_policy=false
# Position of Access Token (allowed values: header | queryparam)
access_token_position=header
# access_token_position=header, access_token_variable=Authorization => -H "Authorization: Bearer Rft3dqrs56Blirls56a"
# access_token_position=header, access_token_variable=access_token => -H "access_token: Rft3dqrs56Blirls56a"
# access_token_position=queryparam, access_token_variable=access_token => ...?access_token=Rft3dqrs56Blirls56a
access_token_variable=Authorization
# username key mapping in access_token. This is the key of username in access_token attributes
username_key_mapping=username
# client_id key mapping in access_token. This is the key of client_id in access_token attributes
client_id_key_mapping=client_id
# connection timeout between Apigee and ASE. Value is in milliseconds
connect_timeout=5000
# read timeout between Apigee and ASE. Value is in milliseconds
io_timeout=5000
# keepalive timeout between Apigee and ASE. Value is in milliseconds
# set enable_keepalive to true in ase.conf for the below configuration to take effect
keepalive_timeout=30000
Note: If
configuration_store is set to
custom, the above configuration will be embedded into the
PingIntelligence policy. If configuration_store is set to
kvm, the above configuration is pushed to a key-value map store
while deploying the policy and is retrieved during policy execution.