Complete the following steps before configuring PingAccess.
Before configuring PingAccess:
-
Confirm the PingAccess
version.
The PingIntelligence policy supports PingAccess versions 5.x and 6.x. If you are using any other version, contact Ping Identity support.
-
Install and configure the PingIntelligence software.
For more information, see PingIntelligence automated deployment for virtual machines and servers and PingIntelligence manual deployment.
-
Verify that ASE is in sideband mode by running the following command in ASE command
line:
/opt/pingidentity/ase/bin/cli.sh status API Security Enforcer status : started mode : sideband http/ws : port 80 https/wss : port 443 firewall : enabled abs : disabled, ssl: enabled abs attack : disabled audit : enabled sideband authentication : disabled ase detected attack : disabled attack list memory : configured 128.00 MB, used 25.61 MB, free 102.39 MB google pubsub : disabled log level : debug timezone : local (UTC)If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set
modeas sideband and start ASE. -
For secure communication between PingAccess and ASE, enable sideband authentication by entering the
following ASE command:
# ./bin/cli.sh enable_sideband_authentication -u admin –p -
To generate the token, enter the following ASE command and save the generated
authentication token for further use.
A token is required for PingAccess to authenticate with ASE.
# ./bin/cli.sh -u admin -p admin create_sideband_token