Complete the following prerequisites before deploying the PingIntelligence policy.

Confirm the versions- The PingIntelligence policy is validated only for the following versions of IBM APIC and DataPower:
  • IBM APIC v5.0.8.7
  • IBM DataPower Gateway 2018.4.10

Verify User permissions- To configure PingIntelligence policy, the user must have permissions to edit and publish APIs in the API Manager.

Install PingIntelligence software- PingIntelligence software should be installed and configured. For more information on PingIntelligence deployment, see PingIntelligence setup and PingIntelligence manual deployment.

Verify that ASE is in sideband mode- Check that ASE is in sideband mode by running the following ASE command.
/opt/pingidentity/ase/bin/cli.sh status
API Security Enforcer
status                  : started
mode                    : sideband
http/ws                 : port 80
https/wss               : port 443
firewall                : enabled
abs                     : enabled, ssl: enabled
abs attack              : disabled
audit                   : enabled
sideband authentication : disabled
ase detected attack     : disabled
attack list memory      : configured 128.00 MB, used 25.60 MB, free 102.40 MB

If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE. For more information on starting ASE, see Start and stop ASE.

Enable sideband authentication- For a secure communication between IBM DataPower Gateway and ASE, enable sideband authentication by entering the following ASE command.
# ./bin/cli.sh enable_sideband_authentication -u admin –p

Ensure SSL is configured in ASE for client side connection using self-signed certificate. For more information on configuring self-signed certificate, see Configure SSL for external APIs.

Enable connection keepalive between gateway and ASE- Navigate to /opt/pingidentity/ase/config/. Set the value of enable_sideband_keepalive to true in ase.conf file. If the ASE is running stop it, before making the change. Start ASE after setting the value. For more information on ASE configuration, see Sideband ASE configuration using the ase.conf file

Generate sideband authentication token- To generate the token in ASE, enter the following command in the ASE command line.
# ./bin/cli.sh -u admin -p admin create_sideband_token

Save the generated authentication token for further use. The token is required for IBM DataPower Gateway to authenticate with ASE. It is set as a runtime variable in ASE config set-variable policy. For more information, see Configure PingIntelligence policy components.