Configuring PingAccess for Kong Gateway integration
To allow Kong Gateway to use the PingAccess Sideband API for authorization and request and response modification, create a sideband client in PingAccess that represents Kong Gateway.
Before you begin
-
Verify that the
sideband.http.enabledproperty is set totruein the PingAccessrun.propertiesfile. Learn more in the Configuration file reference. -
Review the Sideband model section in How do I choose a deployment model? and Protecting an API with PingAccess in a sideband deployment.
About this task
Prepare PingAccess to authenticate requests from Kong Gateway by configuring a header name and shared secret for Kong Gateway to authenticate with.
|
You can find more information about sideband clients in Sideband Clients. |
Steps
-
In the PingAccess admin console, click Applications, then go to Sideband Clients.
-
Click Add Sideband Clients.
-
In the Name field, enter a unique name for the sideband client.
-
(Optional) In the Description field, enter a description for the sideband client.
-
In the Secrets section, add a secret:
Result:
The New Secret page opens.
-
On the New Secret page, click Copy to copy the new secret to your clipboard.
-
Save the secret in a secure location. You’ll use it in the following procedure.
-
Version 1.2.0 of the
ping-authplugin supports referenceable secrets. For security reasons, store the shared secret in a vault supported by Kong. Learn more in Secrets Management and Environment Variables Vault in the Kong documentation. -
When you use the secret, replace the
<client name>placeholder value with the Name you configured in step 3.
-
-
Click Done.
-
(Optional) In the Header Name field, enter a unique, descriptive name to make it easier to tell your configured secrets apart.
-
Click Save.