Before deploying the PingIntelligence policy:

  1. Verify that MuleSoft version 3.9.x or 4.x is installed.

    If you are using any other version, contact Ping Identity support.

    Note:

    Due to a known bug in MuleSoft 4.2.2, you can encounter a 502 error response when the PingIntelligence policy is deployed with MuleSoft 4.2.2. Refer to theMuleSoft documentation for more information about the issue and its resolution.

  2. Install and configure the PingIntelligence software.

    For more information, see PingIntelligence manual deployment or PingIntelligence automated deployment.

  3. Verify that API Security Enforcer (ASE) is in sideband mode by running the following ASE command: 
    /opt/pingidentity/ase/bin/cli.sh status
    API Security Enforcer
status                  : started
mode                  : sideband

http/ws                 : port 80
https/wss               : port 443
firewall                : enabled
abs                     : disabled, ssl: enabled
abs attack              : disabled
audit                   : enabled
sideband authentication : disabled
ase detected attack     : disabled
attack list memory      : configured 128.00 MB, used 25.61 MB, free 102.39 MB
google pubsub           : disabled
log level               : debug
timezone                : local (UTC)

    If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE.

  4. For a secure communication between MuleSoft Anypoint and ASE, enable sideband authentication by entering the following ASE command: 
    # ./bin/cli.sh enable_sideband_authentication -u admin –p
  5. To generate the token in ASE, enter the following command in the ASE command line and save the generated authentication token for further use:

    A token is required for MuleSoft Anypoint to authenticate with ASE.

    # ./bin/cli.sh -u admin -p admin create_sideband_token
  6. Optional: Gather user information from PingFederate:
    1. To integrate PingFederate with MuleSoft, follow the instructions in Configure Client Management PingFederate.

      This will enable PingFederate OAuth Token Enforcement policy. This policy should be applied before the PingIntelligence policy in the Anypoint platform API Manager as shown in the following screenshot.

      A screen capture of the API level policies page with two policies highlighted with a yellow square.

      Currently the PingIntelligence policy supports PingFederate as authorization server.