The default ports for connection with ABS are 8080 and 9090. Run the check_ports.sh script on the ASE machine to determine accessibility of ABS. Input ABS host IP address and ports as arguments.

/opt/pingidentity/ase/util ./check_ports.sh {ABS IPv4:[port]}

To configure ASE for connecting with the ABS AI engine:

  1. Update abs.conf located in the ASE /opt/pingidentity/ase/config directory with the ABS engine address and authentication keys:
    1. Configure abs_endpoint with the ABS engine management IP address/hostname and port number (default: 8080), which was configured in the /opt/pingidentity/abs/config/abs.properties file.
      Note: If ABS is in a different AWS security group, use a private IP address.
    2. Configure ABS access_key and secret_key using the key values from the abs_init.js file located in /opt/pingidentity/abs/mongo.
    Below is a sample abs.conf file:
    ; API Security Enforcer ABS configuration.
; This file is in the standard .ini format. The comments start with a semicolon (;).
; Following configurations are applicable only if ABS is enabled with true.

; a comma-separated list of abs nodes having hostname:port or ipv4:port as an address.
abs_endpoint=127.0.0.1:8080

; access key for abs node
access_key=OBF:AES://ENOzsqOEhDBWLDY+pIoQ:jN6wfLiHTTd3oVNzvtXuAaOG34c4JBD4XZHgFCaHry0

; secret key for abs node
secret_key=OBF:AES:Y2DadCU4JFZp3bx8EhnOiw:zzi77GIFF5xkQJccjIrIVWU+RY5CxUhp3NLcNBel+3Q

; Setting this value to true will enable encrypted communication with ABS.
enable_ssl=true

; Configure the location of ABS's trusted CA certificates. If empty, ABS's certificate
; will not be verified
abs_ca_cert_path=
    Important: Make sure that ASE and ABS are in the same time zone.