You must:

  • Install and configure the PingIntelligence software. For more information, refer to Automated deployment or Manual deployment.
  • Verify that API Security Enforcer (ASE) is in sideband mode by running the following ASE command:
    /opt/pingidentity/ase/bin/cli.sh status
API Security Enforcer
status                  : started
mode                    : sideband
http/ws                 : port 80
https/wss               : port 443
firewall                : enabled
abs                     : enabled, ssl: enabled
abs attack              : disabled
audit                   : enabled
sideband authentication : disabled
ase detected attack     : disabled
attack list memory      : configured 128.00 MB, used 25.60 MB, free 102.40 MB
    • If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE.
  • For a secure communication between the Akana Gateway and ASE, enable sideband authentication by entering the following ASE command:
    # ./bin/cli.sh enable_sideband_authentication -u admin –p
  • Ensure SSL is configured in ASE for client side connection using CA-signed certificate.Please refer to Configuring SSL for external APIs for more details.
  • Generate sideband authentication token by entering the following command in the ASE command-line interface (CLI):
    # ./bin/cli.sh -u admin -p admin create_sideband_token
  • Enable the connection keepalive between gateway and ASE by navigating to /opt/pingidentity/ase/config/ and setting the value of enable_sideband_keepalive to true in the ase.conf file.
Important: The primary and secondary ASE APIs should not be exposed to external API clients. For more details on securing ASE APIs, see Securing PingIntelligence ASE APIs.

To add ASE APIs to the Akana API Gateway:

  1. Sign on to the Akana portal and click Add API from the APIs drop-down list.
  2. Select I want to design my API from scratch (REST) only.
  3. Enter the following details for ASE:
    1. Enter the name of the API in the Name field.
    2. Enter the Endpoint: <http/https>://<ASE-Hostname or IP>/ase.
    3. Click the toggle to enable Advanced Options.
    4. Enter the API version in the Version ID field.
    5. For Pattern, select Proxy.
    6. Select Implementation.
    7. Select Deployment Zones.
  4. Click Save after entering the details.
    A screenshot of the Add API page in the Akana portal.
  5. Add two resources under Resources: one to post request metadata to ASE and another to post response metadata to ASE.To add a resource to the ASE API, open API Designer:
    1. Navigate to the Overview page of the API.
    2. Choose Details from the left menu pane. The summary of the API is displayed in the details.
    3. In the Design section, click Edit to enter API Designer.
    A screenshot of API Designer.
  6. Add the Request resource to the API:
    A screenshot of the Resources page in API Designer.
    1. Click Add Resource to open the Edit Resource window.
    2. Enter /request in the Path to post request metadata to ASE.
    3. For Verb, choose POST.
    4. Enter Operation ID. If the user does not provide the value, a random value is generated for Operation ID.
    5. Click Finish after updating the other optional details like Description, Summary, and Tags.
    6. Click Save.
    A screenshot of the Edit Resource window.
    Note:

    A default resource is created when an API is added to Akana API Gateway. This resource can be edited to add the first resource.

  7. To add the Response resource to the API:
    1. Click Add Resource to open the Edit Resource window.
    2. Enter /response in the Path field to post request metadata to ASE.
    3. For Verb, choose POST.
    4. Enter Operation ID. If the user does not provide the value, a random value is generated for Operation ID.
    5. Click Finish after updating the other optional details like Description, Summary, and Tags.
    A screenshot of the Edit Resource window.
  8. To add the secondary (backup) ASE node, repeat steps 1- 5.