Deploying the PingIntelligence policy - PingIntelligence for APIs - 5.2

PingIntelligence
bundle
pingintelligence-52
ft:publication_title
PingIntelligence
Product_Version_ce
PingIntelligence for APIs 5.2 (Latest)
category
APISecurity
AdvancedAPICybersecurity
Capability
Environment
OS
Product
apisecurity
capability
linux
pi-52
pingintelligence
private
ContentType_ce

The PingIntelligence sideband policy supports integration with MuleSoft 3.9 and 4.x API Gateways.

The policy package has the following two files:

  • policy.yaml
  • policy.xml

Follow the steps to deploy PingIntelligence policy based on the version of the MuleSoft API Gateway. For PingIntelligence to detect attacks based on username, make sure that the PingFederate access token enforcement policy is the first policy deployed. PingIntelligence policy should be the second policy.

A screen capture of the Configuration Detail window in API Manager.

Deploying PingIntelligence for MuleSoft 3.9

Before applying the PingIntelligence policy, make sure that the API to which you want to apply the policy is defined. The steps below use an API named PingIntelligenceAPI for illustration purposes.

To deploying the PingIntelligence policy to MuleSoft Anypoint 3.9:

  1. Sign on to your MuleSoft Anypoint account.
  2. Open API Manager by expanding the menu on the left-hand side.
    A screen capture of the MuleSoft left navigation with API Manager hilighted with a yellow box.
  3. In the API Administration page, click Custom Policies.
    A screen capture of API Manager with the Custom Policies left navigation link highlighted with a yellow box.
  4. In the Custom Policies page, click Add custom policy:
    A screen capture of the Custom policies page in API Manager. The Add custom policy button is highlighted with a yelllow box.
  5. In the Add custom policy pop-up window, add the policy name (for example, PingIntelligence policy) and upload the policy.yaml and policy.xml files.
    A screen capture of the Add custom policy page.

    The PingIntelligence policy is added as shown below.

    A screen capture of the Custom policies page in API Manager with a PingIntelligence Policy displaying in the list.

Deploying PingIntelligence for MuleSoft 4.x

The PingIntelligence policy for MuleSoft now supports two languages:

  • Groovy
  • Java

Based on your environment and requirements, either of the policies can be deployed.

Note:

The PingIntelligence MuleSoft Java policy supports asynchronous invocation from the Gateway to PingIntelligence ASE.

The PingIntelligence policy for MuleSoft tar is now comprised of the following structure (after extraction):

pingidentity/
`-- mulesoft-policy
    |-- mulesoft-3.9
    |   |-- policy.xml
    |   `-- policy.yaml
    |-- mulesoft-4.0-groovy
    |   |-- policy.xml
    |   |-- policy.yaml
    |   `-- pom.xml
    `-- mulesoft-4.0-java
        |-- mule-artifact.json
        |-- policy.xml
        |-- policy.yaml
        `-- pom.xml

Complete the following steps to deploy the PingIntelligence policy for the MuleSoft 4.0 Groovy or Java policy:

To deploy the PingIntelligence policy for the MuleSoft 4.x or MuleSoft 4.0 Groovy or Java policy:

  1. Create a project directory by following the instructions in Getting started with Custom Policies development.

    The following screenshot shows an illustrative sample of a project directory structure.

    An example project directory structure.

    The PingIntelligence policy package provides three files for 4.x:

    • policy.xml: Contains the actual logic of the policy.
    • policy.yaml: Has details that render policy configuration UI.
    • pom.xml: Specifies dependencies for policy compilation.
  2. When the project's directory structure is created, replace the contents of my-custom-policy.yaml with that of the policy.yaml file, and the contents of template.xml with that of policy.xml. Similarly, replace the contents of pom.xml with that of the pom.xml file provided in the PingIntelligence policy package.
    The project directory structure with arrows pointing to which files to copy the contents.
  3. Edit the pom.xml file to enter your organization's groupID: 
    <?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>7a0f5884-ba26-4929-a681-66ca288a6992</groupId>

    <artifactId>PingIntelligence</artifactId>
    <version>1.2.0</version>
    <name>PingIntelligence</name>
    <description>ASE Sideband Policy for mule 4 with username info</description>
  4. From the command line in your project folder, run the following command.

    This packages the PingIntelligence policy and creates a deployable JAR file.

    > mvn clean install
    Note:

    You require license to MuleSoft Enterprise Repository for compiling the policy.

  5. Upload the PingIntelligence policy to Exchange by following the instructions in Deploying a Policy Created Using the Maven Archetype.

    The PingIntelligence policy is now available to apply to your APIs. For more information, see Applying the PingIntelligence policy.