Complete the following prerequisites before deploying the PingIntelligence policy on API Manager (APIM):
- Confirm that the Azure APIM Service is available.
  The PingIntelligence policy supports the Azure APIM Q2CY2020 version. If you are using any other version, contact Ping Identity support.
- Confirm that the APIs to which you want to apply the PingIntelligence policy are available.
- To use the API Security Enforcer (ASE) self-signed certificate, configure the CA certificate from the Security > CA certificates section.
- Select one of the following four levels to apply the PingIntelligence policy:
  - For all the APIs
  - For a group of APIs, that is, at the product level
  - For individual APIs
  - For a specific operation in the API
- Install and configure the PingIntelligence software.
  Refer to the PingIntelligence deployment guide for your environment type.
- Verify that ASE is in sideband mode by running the following ASE command:

    /opt/pingidentity/ase/bin/cli.sh status
    API Security Enforcer
    status                  : started
    mode                    : sideband
    http/ws                 : port 80
    https/wss               : port 443
    firewall                : enabled
    abs                     : disabled, ssl: enabled
    abs attack              : disabled
    audit                   : enabled
    sideband authentication : disabled
    ase detected attack     : disabled
    attack list memory      : configured 128.00 MB, used 25.61 MB, free 102.39 MB
    google pubsub           : disabled
    log level               : debug
    timezone                : local (UTC)

  If ASE is not in sideband mode, stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode to sideband, then start ASE.
- For secure communication between APIM and ASE, enable sideband authentication by entering the following ASE command:

    # ./bin/cli.sh enable_sideband_authentication -u admin -p
- A token is required for APIM to authenticate with ASE. To generate the token in ASE, enter the following ASE command and save the generated authentication token for further use:

    # ./bin/cli.sh -u admin -p admin create_sideband_token
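
A preflight check for the sideband mode and sideband authentication steps above, written as an added example (it is not Ping Identity's code). It parses `cli.sh status` output and fails unless ASE is started, in sideband mode, and has sideband authentication enabled; the helper names `ase_field` and `ase_preflight` are hypothetical, and the sample status is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: preflight check over `cli.sh status` output (not Ping Identity code).
# ase_field and ase_preflight are hypothetical helper names.

# Constructed sample, copied from the status output shown on this page.
SAMPLE_STATUS='API Security Enforcer
status                  : started
mode                    : sideband
http/ws                 : port 80
https/wss               : port 443
firewall                : enabled
abs                     : disabled, ssl: enabled
abs attack              : disabled
audit                   : enabled
sideband authentication : disabled
ase detected attack     : disabled
attack list memory      : configured 128.00 MB, used 25.61 MB, free 102.39 MB
google pubsub           : disabled
log level               : debug
timezone                : local (UTC)'

# Print the value of one exact key; splits each line on its first colon only,
# so "abs : disabled, ssl: enabled" keeps its full value.
ase_field() {  # $1 = key, stdin = status output
  awk -v key="$1" '
    found { next }
    { i = index($0, ":"); if (i == 0) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; found = 1 } }'
}

# Return 0 only when ASE is started, in sideband mode, and sideband
# authentication is enabled; print one line per failed check.
ase_preflight() {  # stdin = status output
  _out=$(cat); _rc=0
  for _check in "status=started" "mode=sideband" "sideband authentication=enabled"; do
    _key=${_check%%=*}; _want=${_check#*=}
    _got=$(printf '%s\n' "$_out" | ase_field "$_key")
    if [ "$_got" != "$_want" ]; then
      echo "FAIL: $_key is '${_got:-missing}', expected '$_want'"
      _rc=1
    fi
  done
  return "$_rc"
}

# Usage on the ASE host: /opt/pingidentity/ase/bin/cli.sh status | ase_preflight
```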