Configuring the ping-auth plugin in Konnect
After you’ve uploaded the ping-auth plugin’s schema to Konnect, configure the plugin in Gateway Manager, or use the Kong API.
|
Test the operation of the |
-
Gateway Manager UI
-
Kong API
Configuring the plugin using the Gateway Manager UI
Steps
-
In Gateway Manager, open Plugins from the side navigation, then click New Plugin.
-
On the Custom Plugins tab, click the ping-auth plugin.
-
(Optional) To enable the plugin for specific consumers, services, or routes, click Scoped, and then enter Service, Route, and Consumer information.
-
In the Service Url field, enter the API gateway service URL that you saved when you prepared PingOne Authorize for Konnect integration.
-
In the Shared Secret field, enter the credential that you saved earlier.
The gateway credential is the shared secret that authenticates the
ping-authplugin to PingOne Authorize. Version 1.2.0 of the plugin supports referenceable secrets. For security reasons, store the gateway credential in a vault supported by Kong. Learn more in Secrets Management in Konnect and Environment Variables Vault in the Kong documentation.
-
Configure the following additional fields:
Option API Field Name Description Connection KeepAlive Ms
connection_keepAlive_msThe duration to keep the connection alive for reuse. The default is
60000.Connection Timeout Ms
connection_timeout_msThe duration to wait before the connection times out. The default is
10000.Enable Debug Logging
enable_debug_loggingControls if the requests and responses are logged at the debug level. The default is
false. For log messages to show inerror.log, you must setlog_level = debuginkong.conf.Verify Service Certificate
verify_service_certificateControls whether the service certificate is verified. This is intended for testing purposes and the default is
true. -
Click Save.
Result
Kong Konnect is now configured to work with PingOne Authorize.
Configuring the plugin using the Kong API
Steps
-
Send the following in a
POSTrequest tohttps://{region}.api.konghq.com/konnect-api/api/runtime_groups/{controlPlaneId}/plugins:{ "name": "ping-auth", "enabled": true, "config": { "enable_debug_logging": true, "verify_service_certificate": false, "secret_header_name": "<shared secret header name>", "service_url": "https://<PingOne Server hostname>", "shared_secret": "<shared secret>" } }The following fields are required for this API request:
You saved credentials when you prepared PingOne Authorize for Konnect integration. To find the credentials in PingOne, go to Authorization > API Gateways.
-
Secret_header_name: The header name in which the shared secret is provided. You can provide additional configuration in accordance with the Kong API specification. -
Service_url: The full service URL of the API gateway in PingOne. -
Shared_secret: The shared secret value to authenticate this plugin to PingOne.The gateway credential is the shared secret that authenticates the
ping-authplugin to PingOne Authorize. Version 1.2.0 of the plugin supports referenceable secrets. For security reasons, store the gateway credential in a vault supported by Kong. Learn more in Secrets Management in Konnect and Environment Variables Vault in the Kong documentation.
-
-
(Optional) Configure additional fields:
Option API Field Name Description Connection KeepAlive Ms
connection_keepAlive_msThe duration to keep the connection alive for reuse. The default is
60000.Connection Timeout Ms
connection_timeout_msThe duration to wait before the connection times out. The default is
10000.Enable Debug Logging
enable_debug_loggingControls if the requests and responses are logged at the debug level. The default is
false. For log messages to show inerror.log, you must setlog_level = debuginkong.conf.Verify Service Certificate
verify_service_certificateControls whether the service certificate is verified. This is intended for testing purposes and the default is
true.
Result
Kong Konnect is now configured to work with PingOne Authorize.