Prerequisites to deploying PingIntelligence shared flow - PingIntelligence for APIs

Prerequisites to deploying PingIntelligence shared flow - PingIntelligence for APIs - 5.0

PingIntelligence

bundle

pingintelligence-50

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.0

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-50

pingintelligence

private

ContentType_ce

Page created: 12 May 2021 |

Page updated: 1 Nov 2021

| 2 min read

5.0 Capability API Security Advanced API Cybersecurity Linux On-Premises Operating System Hosting Environment PingIntelligence for APIs Product Administration User task Configuration

Confirm that the following prerequisites are met before using the PingIntelligence Apigee tool.

Prerequisite:

Apigee version - PingIntelligence 4.0 and later works with Apigee Edge Cloud 18.12.04
The machine where the PingIntelligence Apigee tool is installed has anyone of OpenJDK versions between 11.0.2 to 11.0.6 installed.
PingIntelligence software installation
PingIntelligence4.0 or later software are installed and configured. For installation of PingIntelligencesoftware, see the manual or platform specific automated deployment guides.

Verify that ASE is in sideband mode

Make sure that in ASE is in sideband mode by running the following command in the ASE command line:

/opt/pingidentity/ase/bin/cli.sh status
API Security Enforcer
status                  : started
mode                   : sideband
http/ws                 : port 80
https/wss               : port 443
firewall                : enabled
abs                     : enabled, ssl: enabled
abs attack              : disabled
audit                   : enabled
sideband authentication : disabled
ase detected attack     : disabled
attack list memory      : configured 128.00 MB, used 25.60 MB, free 102.40 MB

If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE.

Enable sideband authentication: For a secure communication between Apigee Edge and ASE, enable sideband authentication by entering the following command in the ASE command line:
```
# ./bin/cli.sh enable_sideband_authentication -u admin –p
```
Generate sideband authentication token
A token is required for Apigee Edge to authenticate with ASE. This token is generated in ASE and configured in the apigee.properties file of PingIntelligence automated policy tool. To generate the token in ASE, enter the following command in the ASE command line:
```
# ./bin/cli.sh -u admin -p admin create_sideband_token
```
Save the generated authentication token for further use.
Verify the certificate in ase.pem in case of self-signed certificates
Make sure that the certificate applied for ASE data port matches with the certificate present in the ase.pem certificate file to prevent SSL issues after policy deployment. Run the following command to obtain the certificate used in ASE data port. If the certificates do not match, paste the correct certificate in the /opt/pingidentity/pi/apigee/certs/ase.pem file.
```
# openssl s_client -showcerts -connect <ASE IP address>:<port no> </dev/null 2>/dev/null | openssl x509 -outform PEM > ase.pem
```