Preparing for deployment - PingIntelligence for APIs

Preparing for deployment - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

Complete the following prerequisites before deploying PingIntelligence policy on PingFederate

Verify versions supported. The PingIntelligence policy is qualified with the following combination.

PingFederate Version	JDK version	Password Credential Validator
PingFederate 9.3.3	Oracle JDK8.0.u261	OpenLDAP-2.4.44 Simple username password credential validator (PCV)

Note:

If you are using any other versions of PingFederate or JDK, or any other PingFederate-supported PCV, contact the Ping Identity support team for deployment support.

Install and configure PingIntelligence software. For more information on PingIntelligence deployment, see PingIntelligence automated deployment or PingIntelligence manual deployment.

To prepare for deployment of the PingIntelligence policy:

Verify that API Security Enforcer (ASE) is in sideband mode by running the following ASE command:

/opt/pingidentity/ase/bin/cli.sh status

If ASE is in sideband mode, you will see the following result:

API Security Enforcer
status                  : started
mode                  : sideband
http/ws                 : port 80
https/wss               : port 443
firewall                : enabled
abs                     : disabled, ssl: enabled
abs attack              : disabled
audit                   : enabled
sideband authentication : disabled
ase detected attack     : disabled
attack list memory      : configured 128.00 MB, used 25.61 MB, free 102.39 MB
google pubsub           : disabled
log level               : debug
timezone                : local (UTC)

If ASE is not in sideband mode, complete the following steps:

Stop ASE if it is running. For more information, see Starting and stopping ASE.
Navigate to /opt/pingidentity/ase/config/.
Edit the ase.conf file and set mode parameter to sideband.
Start ASE. For more information, see Starting and stopping ASE.

For a secure communication between PingFederate and ASE, enable sideband authentication by entering the following ASE command:
```
# ./bin/cli.sh enable_sideband_authentication -u admin –p
```
Generate a sideband authentication token by entering the following ASE command.
A token is required for PingFederate to authenticate with ASE.
```
# ./bin/cli.sh -u admin -p admin create_sideband_token
```
Save the generated authentication token for further use.
Enable connection keepalive between PingFederate and ASE.
1. Stop ASE if it is running. For more information, see Starting and stopping ASE.
2. Navigate to /opt/pingidentity/ase/config/.
3. Edit the ase.conf file and set enable_sideband_keepalive parameter to true.
4. Start ASE. For more information, see Starting and stopping ASE.