Prerequisite is divided in three sections. Prerequisite for PingIntelligence applies to both RHEL 7.6 and Ubuntu 16.0.4. Complete the prerequisite based on your operating system. The prerequisite section is divided in the following four sections:

Prerequisites for PingIntelligence

This section assumes that you have installed and configured PingIntelligence software. For more information on PingIntelligence installation, see PingIntelligence setup or PingIntelligence manual deployment

  • Verify that ASE is in sideband mode: Log in to your ASE machine and check that ASE is in sideband mode by running the following status command:

    /opt/pingidentity/ase/bin/cli.sh status
    API Security Enforcer
    status                  : started
    mode                    : sideband
    http/ws                 : port 80
    https/wss               : port 443
    firewall                : enabled
    abs                     : enabled, ssl: enabled
    abs attack              : disabled
    audit                   : enabled
    sideband authentication : disabled
    ase detected attack     : disabled
    attack list memory      : configured 128.00 MB, used 25.60 MB, free 102.40 MB
    If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE.
  • Enable sideband authentication: For secure communication between NGINX and ASE, enable sideband authentication by entering the following ASE command:
    # ./bin/cli.sh enable_sideband_authentication -u admin –p admin
  • Generate sideband authentication token

    A token is required for NGINX to authenticate with ASE. To generate the token in ASE, enter the following command in the ASE command line:

    # ./bin/cli.sh -u admin -p admin create_sideband_token
    Save the generated authentication token for further use in Configure NGINX Plus for RHEL 7.6 or Configure NGINX Plus for Ubuntu 16.0.4.

Prerequisites for RHEL 7.6

Complete the following prerequisites before deploying PingIntelligence policy on NGINX Plus:

  • NGINX Plus version: The PingIntelligence policy modules are complied for NGINX Plus R16. If you have a different version of NGINX Plus, contact Ping Identity support.
  • RHEL version: RHEL 7.6. Verify your RHEL version by entering the following command on your machine:
    $ cat /etc/redhat-release
    Red Hat Enterprise Linux Server release 7.6 (Maipo)
    
  • OpenSSL version: OpenSSL 1.0.2k-fips on your RHEL 7.6 machine. You can the check the OpenSSL version using the openssl version command.
    $ openssl version
    OpenSSL 1.0.2k-fips  26 Jan 2017
    Important: The PingIntelligence modules for NGINX Plus have been specifically compiled for RHEL 7.6 and OpenSSL 1.0.2k-fips. If you have different versions of these component, contact Ping Identity support.
  • Configure NGINX Plus certificates: Complete the following steps to configure certificate for NGINX Plus:
    1. Create a directory for SSL certificates:
      # sudo mkdir -p /etc/ssl/nginx
    2. Login to NGINX customer portal and download nginx-repo.key and nginx-repo.crt to /etc/ss/nginx
    For more information, see Installing NGINX Plus
  • Download dependencies for RHEL: Run the following command to download dependencies for RHEL:
    # yum install wget ca-certificates

Prerequisites for Ubuntu 16.0.4

Complete the following prerequisites before deploying PingIntelligence policy on NGINX Plus:

  • NGINX version: The PingIntelligence policy modules are complied for NGINX Plus R16. If you have a different version of NGINX Plus, contact Ping Identity support.
  • Ubuntu version: Ubuntu 16.04 LTS. Run the following command to check your Ubuntu version:
    $ cat /etc/os-release
    NAME="Ubuntu"
    VERSION="16.04 LTS (Xenial Xerus)"
    ID=ubuntu
    ID_LIKE=debian
    PRETTY_NAME="Ubuntu 16.04.6 LTS"
    VERSION_ID="16.04"
    HOME_URL="http://www.ubuntu.com/"
    SUPPORT_URL="http://help.ubuntu.com/"
    BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
    VERSION_CODENAME=xenial
    UBUNTU_CODENAME=xenial
    
  • OpenSSL version: OpenSSL 1.0.2g. You can the check the OpenSSL version using the openssl version command:
    $ openssl version
    OpenSSL 1.0.2g  26 Jan 2017
  • Download dependencies for Ubuntu: Run the following command to download dependencies for Ubuntu:
    
    # sudo apt-get install apt-transport-https lsb-release ca-certificates
    
  • Configure NGINX Plus certificates: Complete the following steps to configure certificate for NGINX Plus:
    1. Create a directory for SSL certificates:
      # sudo mkdir -p /etc/ssl/nginx
    2. Login to NGINX customer portal and download nginx-repo.key and nginx-repo.crt to /etc/ssl/nginx
    For more information, see Installing NGINX Plus
Important: The PingIntelligence modules are specifically compiled for Ubuntu 16.0.4 and OpenSSL 1.0.2g. If you do not have these specific versions of Ubuntu and OpenSSL, contact Ping Identity support.

Prerequisites for Debian 9

Complete the following prerequisites before deploying PingIntelligence policy on NGINX Plus:
  • NGINX version: The PingIntelligence policy modules are complied for NGINX Plus R19. If you have a different version of NGINX Plus, contact Ping Identity support.
  • Debian version:Debian 9 (stretch). Run the following command to check your Debian version:
    $ cat /etc/os-release
    PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
    
    NAME="Debian GNU/Linux"
    VERSION_ID="9"
    VERSION="9 (stretch)"
    VERSION_CODENAME=stretch
    ID=debian
    HOME_URL="https://www.debian.org/"
    SUPPORT_URL="https://www.debian.org/support"
    BUG_REPORT_URL="https://bugs.debian.org/"
    
  • OpenSSL version: OpenSSL 1.1.0l. You can the check the OpenSSL version using the openssl version command:
    $ openssl version
    OpenSSL 1.1.0l  10 Sep 2019
    
  • Configure NGINX Plus certificates: Complete the following steps to configure certificate for NGINX Plus:
    1. Create a directory for SSL certificates:
      # sudo mkdir -p /etc/ssl/nginx
    2. Login to NGINX customer portal and download nginx-repo.key and nginx-repo.crt to /etc/ssl/nginx
    For more information, see Installing NGINX Plus