Add a primary and secondary ASE node to the Akana API Gateway.
You must:
- Install and configure the PingIntelligence software. For more information, refer to Automated deployment or Manual deployment.
- Verify that API Security Enforcer (ASE) is in sideband mode by running the
following ASE
command:
/opt/pingidentity/ase/bin/cli.sh status API Security Enforcer status : started mode : sideband http/ws : port 80 https/wss : port 443 firewall : enabled abs : enabled, ssl: enabled abs attack : disabled audit : enabled sideband authentication : disabled ase detected attack : disabled attack list memory : configured 128.00 MB, used 25.60 MB, free 102.40 MB
- If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE.
- For a secure communication between the Akana Gateway and ASE, enable sideband
authentication by entering the following ASE
command:
# ./bin/cli.sh enable_sideband_authentication -u admin –p
- Ensure SSL is configured in ASE for client side connection using CA-signed certificate.Please refer to Configuring SSL for external APIs for more details.
- Generate sideband authentication token by entering the following command in the
ASE command-line interface
(CLI):
# ./bin/cli.sh -u admin -p admin create_sideband_token
- Enable the connection keepalive between gateway and ASE by navigating to
/opt/pingidentity/ase/config/ and setting the value of
enable_sideband_keepalive to true in
the ase.conf file.
- If ASE is running, stop it before making the change and start ASE after setting the value. For more information on ASE configuration, see Sideband ASE configuration using the ase.conf file.
Important: The primary and secondary
ASE APIs should not be exposed to external API clients. For more details on securing
ASE APIs, see Securing PingIntelligence ASE APIs.
To add ASE APIs to the Akana API Gateway: