Installing and configuring the PingIntelligence bundle - PingIntelligence for APIs

Installing and configuring the PingIntelligence bundle - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

Install and configure the PingIntelligence bundle for the CA API Gateway.

To install and configure the PingIntelligence bundle:

Download the PingIntelligence policy files from the Ping Identity Download site.
The downloaded package will have the following files and properties:
- ASE Check Request: The assertion used to analyze API requests.
- ASE Check Response: The assertion used to analyze API responses.
- Cluster-wide Properties:
  - ase_host_https: The default is https://ase-server.example.com.
  - ase_host2_https: The default is https://ase-server-2.example.com.
  - ase_path_request and ase_path2_request: The default path is /ase/request.
  - ase_path_response and ase_path2_response: The default path is /ase/response.
- API examples:
  - /shop: Example API that may be called by an external client. The API shows how to support both failing and non-failing policies.
  - /shop/backend: An example shop-backend for demo purposes.
Untar the package.

Edit the pingintelligence-properties.bundle to configure the following properties:

Property	Description
ase_host_https and ase_host2_https	Primary and secondary PingIntelligence API Security Enforcer (ASE) IP address and port number. If the primary ASE is not available, the request is sent to the secondary ASE.
ase_request_connection_timeout	The time in milliseconds for which the API gateway waits to establish a TCP connection for the client request with ASE. After the timeout period, the request is directly sent to the backend server. The default value is 30,000 milliseconds.
ase_request_read_timeout	The time in milliseconds for which the API gateway waits to get a response from ASE for the request. After the timeout period, the request is directly sent to the backend server. The default value is 60,000 milliseconds.
ase_response_connection_timeout	The time in milliseconds for which the API gateway waits to establish a TCP connection with ASE for the response from the backend server. After the timeout period, the response is directly sent to the client. The default value is 30,000 milliseconds.
ase_response_read_timeout	The time in milliseconds for which the API gateway waits to get a response from ASE for the request. After the timeout period, the request is directly sent to the backend server. The default value is 60,000 milliseconds.
ase_path_request and ase_path2_request	Use the default value in the sample file.
ase_path_response and ase_path2_response	Use the default value in the sample file.

The following is a sample pingintelligence-properties.bundle file:

<?xml version="1.0" encoding="UTF-8"?><l7:Bundle xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
            <l7:References>
                <l7:Item>
                    <l7:Name>ase_host_https</l7:Name>
                    <l7:Id>f33082fa66314439b5d7e8703ac0963a</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-09T20:18:03.316Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="f33082fa66314439b5d7e8703ac0963a" version="1">
                            <l7:Name>ase_host_https</l7:Name>
                            <l7:Value>https://your-ase-host-and-port</l7:Value>

                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_path_request</l7:Name>
                    <l7:Id>f33082fa66314439b5d7e8703ac09636</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-09T20:18:03.316Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="f33082fa66314439b5d7e8703ac09636" version="0">
                            <l7:Name>ase_path_request</l7:Name>
                            <l7:Value>/ase/request</l7:Value>

                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_path_response</l7:Name>
                    <l7:Id>f33082fa66314439b5d7e8703ac09633</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-09T20:18:03.316Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="f33082fa66314439b5d7e8703ac09633" version="0">
                            <l7:Name>ase_path_response</l7:Name>
                            <l7:Value>/ase/response</l7:Value>

                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_request_connection_timeout</l7:Name>
                    <l7:Id>07b5ecd6fc3baca9518885b71dbcee8e</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-09T20:18:03.316Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="07b5ecd6fc3baca9518885b71dbcee8e" version="0">
                            <l7:Name>ase_request_connection_timeout</l7:Name>
                            <l7:Value>30000</l7:Value>

                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_request_read_timeout</l7:Name>
                    <l7:Id>07b5ecd6fc3baca9518885b71dbcee90</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-09T20:18:03.316Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="07b5ecd6fc3baca9518885b71dbcee90" version="0">
                            <l7:Name>ase_request_read_timeout</l7:Name>
                            <l7:Value>60000</l7:Value>

                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_response_connection_timeout</l7:Name>
                    <l7:Id>07b5ecd6fc3baca9518885b71dbcee92</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-09T20:18:03.316Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="07b5ecd6fc3baca9518885b71dbcee92" version="0">
                            <l7:Name>ase_response_connection_timeout</l7:Name>
                            <l7:Value>30000</l7:Value>

                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_response_read_timeout</l7:Name>
                    <l7:Id>07b5ecd6fc3baca9518885b71dbcee94</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-09T20:18:03.316Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="07b5ecd6fc3baca9518885b71dbcee94" version="0">
                            <l7:Name>ase_response_read_timeout</l7:Name>
                            <l7:Value>60000</l7:Value>

                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_path2_response</l7:Name>
                    <l7:Id>753f4df53a2f3daf040f9807a4f9a126</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-18T17:04:41.043Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="753f4df53a2f3daf040f9807a4f9a126" version="0">
                            <l7:Name>ase_path2_response</l7:Name>
                            <l7:Value>/ase/response</l7:Value>
                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_path2_request</l7:Name>
                    <l7:Id>753f4df53a2f3daf040f9807a4f9a124</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-18T17:04:41.043Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="753f4df53a2f3daf040f9807a4f9a124" version="0">
                            <l7:Name>ase_path2_request</l7:Name>
                            <l7:Value>/ase/request</l7:Value>

                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
                <l7:Item>
                    <l7:Name>ase_host2_https</l7:Name>
                    <l7:Id>753f4df53a2f3daf040f9807a4f9a122</l7:Id>
                    <l7:Type>CLUSTER_PROPERTY</l7:Type>
                    <l7:TimeStamp>2019-07-18T17:04:41.043Z</l7:TimeStamp>
                    <l7:Resource>
                        <l7:ClusterProperty id="753f4df53a2f3daf040f9807a4f9a122" version="1">
                            <l7:Name>ase_host2_https</l7:Name>
                            <l7:Value>https://your-second-ase-host-and-port</l7:Value>

                        </l7:ClusterProperty>
                    </l7:Resource>
                </l7:Item>
            </l7:References>