Complete the following prerequisites for PingIntelligence and Kong API gateway before deploying the PingIntelligence plugin:
PingIntelligence prerequisites
- PingIntelligence software: Make sure that PingIntelligence software is already installed. For more information on PingIntelligence for APIs installation, see Automated deployment guide or Manual deployment guide.
- Verify ASE mode: Make sure that ASE is deployed in
sideband
mode. Run the status command to check the ASE mode:
If ASE is not in/opt/pingidentity/ase/bin/cli.sh status API Security Enforcer status : started mode : sideband http/ws : port 80 https/wss : port 443 firewall : enabled abs : enabled, ssl: enabled abs attack : disabled audit : enabled sideband authentication : disabled ase detected attack : disabled attack list memory : configured 128.00 MB, used 25.60 MB, free 102.40 MB
sideband
mode, then stop ASE and change the mode by editing the/opt/pingidentity/ase/config/ase.conf
file. Setmode
assideband
and start ASE. For more information onase.conf
file, see Sideband ASE configuration using the ase.conf file -
Enable sideband authentication - Enable sideband authentication if you
want secure communication between Kong and ASE by entering the following command
in the ASE command line:
Generate sideband authentication token# ./bin/cli.sh enable_sideband_authentication -u admin –p
A token is required for Kong to authenticate with ASE. This token is generated in ASE and configured in the
kong.yml
file of PingIntelligence plugin. To generate the token in ASE, enter the following command in the ASE command line:
Save the generated authentication token for further use.# ./bin/cli.sh -u admin -p admin create_sideband_token
- Configure keepalive in ase.conf - If you want to keep alive the
connections beteen Kong and ASE, set the value of
enable_sideband_keepalive
totrue
. If ASE is already running, stop ASE, edit the ase.conf file and then start ASE. For more information on keepalive paramter, see Sideband ASE configuration using the ase.conf file.
Kong Prerequisites
- Kong API gateway is already installed
- Luarocks, the Lua package manager, is installed on all the Kong nodes where you want to deploy the PingIntelligence module.