Install the integration kit in Kong Gateway and configure it to integrate with PingOne Authorize.
Install the integration kit using LuaRocks.
Install and load the plugin by following the LuaRocks steps in Kong's installation guide.
To install using LuaRocks, run the command:
luarocks install kong-plugin-ping-auth
After installation, load the plugin into Kong by editing the following
property in kong.conf:
plugins = bundled,ping-auth.
Alternatively, use the environment variable KONG_PLUGINS = bundled,ping-auth.
- Start or restart Kong.
To confirm loading, look for the debug-level message
Loading plugin: ping-authin Kong’s error.log.
- To install using LuaRocks, run the command:
In Kong Manager, click your default workspace, and then click
ping-authplugin, click Edit, and then click the toggle to enable the plugin.
- If you want to enable the plugin for specific consumers, services, or routes, click Scoped and then enter Service, Route, and Consumer information as needed.
Paste the Service URL from the API Gateway you added in
PingOne Authorize into
the Config.Service Url field in Kong Manager.
This is the full URL of the Ping Identity policy provider.
Paste the API Gateway credential you created in PingOne Authorize into the
Config.Shared Secret field in Kong Manager.
The shared secret authenticates the authorization plugin to PingOne Authorize.
If needed, configure additional options in Kong Manager.
Config.Connection KeepAlive Ms
The duration to keep the connection alive for reuse. The default is
Config.Connection Timeout Ms
The duration to wait before the connection times out. The default is
Config.Enable Debug Logging
Controls if requests and responses are logged at the debug level. The default is
For log messages to show in the
error.log, you must set
log_level = debugin
Config.Verify Service Certificate
Controls whether the service certificate is verified. This is intended for testing purposes, and the default is
Click Update, and then click Update
Kong Gateway is now configured to work with PingOne Authorize.
Define a managed API service to represent your API so that PingOne Authorize can help your API gateway enforce access control. For more information, see Defining your API in PingOne Authorize.