Complete the following before configuring the Axway API Gateway.
To connect PingIntelligence API Security Enforcer (ASE) with the Axway API Gateway:
-
Confirm the Axway version is 7.5.3 or higher.
PingIntelligence works with Axway 7.5.3 or higher.
- Optional:
To detect username-based attacks, make sure that the OAuth token store is
configured in Axway.
-
Install and configure the PingIntelligence software.
Refer to the PingIntelligence deployment guide for your environment type.
-
Verify that ASE is in sideband mode by running the following ASE command:
/opt/pingidentity/ase/bin/cli.sh statusAPI Security Enforcer status : started mode : sideband http/ws : port 80 https/wss : port 443 firewall : enabled abs : enabled, ssl: enabled abs attack : disabled audit : enabled sideband authentication : disabled ase detected attack : disabled attack list memory : configured 128.00 MB, used 25.60 MB, free 102.40 MBIf ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE.
-
For a secure communication between Axway and ASE, enable sideband authentication by
entering the following ASE command:
# ./bin/cli.sh enable_sideband_authentication -u admin –p -
Generate sideband authentication token by entering the following ASE command. Save
the generated authentication token for further use.
A token is required for Axway to authenticate with ASE.
# ./bin/cli.sh -u admin -p admin create_sideband_token -
If you are using AAD to automate API
definition updates on PingIntelligence, open the following ports:
- The management port to fetch API definitions from Axway. The default port is 8075.
- Port 8010 in ASE for AAD to add API definitions.
- Import the Axway policy in Axway Policy Studio.
- Deploy the Axway policy.
- Import the APIs from the Management virtual machine (VM) to Axway API Manager.