Complete the following prerequisites before deploying the PingIntelligence policy.
- IBM APIC v220.127.116.11
- IBM DataPower Gateway 2018.4.10
Verify User permissions- To configure PingIntelligence policy, the user must have permissions to edit and publish APIs in the API Manager.
Install PingIntelligence software- PingIntelligence software should be installed and configured. For more information on PingIntelligence deployment, see PingIntelligence setup and PingIntelligence manual deployment.
/opt/pingidentity/ase/bin/cli.sh status API Security Enforcer status : started mode : sideband http/ws : port 80 https/wss : port 443 firewall : enabled abs : enabled, ssl: enabled abs attack : disabled audit : enabled sideband authentication : disabled ase detected attack : disabled attack list memory : configured 128.00 MB, used 25.60 MB, free 102.40 MB
If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE. For more information on starting ASE, see Start and stop ASE.
# ./bin/cli.sh enable_sideband_authentication -u admin –p
Ensure SSL is configured in ASE for client side connection using self-signed certificate. For more information on configuring self-signed certificate, see Configure SSL for external APIs.
Enable connection keepalive between gateway and ASE- Navigate to /opt/pingidentity/ase/config/. Set the value of enable_sideband_keepalive to true in ase.conf file. If the ASE is running stop it, before making the change. Start ASE after setting the value. For more information on ASE configuration, see Sideband ASE configuration using the ase.conf file
# ./bin/cli.sh -u admin -p admin create_sideband_token
Save the generated authentication token for further use. The token is required for IBM DataPower Gateway to authenticate with ASE. It is set as a runtime variable in ASE config set-variable policy. For more information, see Configure PingIntelligence policy components.