Complete the following prerequisites before deploying the PingIntelligence policy on APIM:

  • Confirm that the Azure API Management Service is available
  • Version : The PingIntelligence policy supports Azure APIM Q2CY2020 version. If you are using any other version, contact Ping Identity support.
  • Confirm that the APIs to which you want to apply the PingIntelligence policy are available
  • Configure CA certificate in APIM: If you want to use the ASE self-signed certificate, then configure the CA certificate from the Security -> CA certificates section.
  • PingIntelligence policy application
    Select one of the following four levels to apply the PingIntelligence policy: .
    • For all the APIs
    • For a group of APIs, that is, at the product level
    • For individual APIs
    • For a specific operation in the API
  • PingIntelligence software installation

    Install and configure PingIntelligence software. Refer to the PingIntelligence deployment guide for your environment.

  • Verify that ASE is in sideband mode

    Check that ASE is in sideband mode by running the following ASE command:

    /opt/pingidentity/ase/bin/ status
    API Security Enforcer
    status                  : started
    mode                    : sideband
    http/ws                 : port 80
    https/wss               : port 443
    firewall                : enabled
    abs                     : disabled, ssl: enabled
    abs attack              : disabled
    audit                   : enabled
    sideband authentication : disabled
    ase detected attack     : disabled
    attack list memory      : configured 128.00 MB, used 25.61 MB, free 102.39 MB
    google pubsub           : disabled
    log level               : debug
    timezone                : local (UTC)
    If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE.
  • Enable sideband authentication: For a secure communication between APIM and ASE, enable sideband authentication by entering the following ASE command:
    # ./bin/ enable_sideband_authentication -u admin –p
  • Generate sideband authentication token

    A token is required for APIM to authenticate with ASE. To generate the token in ASE, enter the following ASE command:

    # ./bin/ -u admin -p admin create_sideband_token
    Save the generated authentication token for further use.